Help
FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
Andy_G
Staff
Staff

Created on ‎06-04-2020 08:56 AM

Article Id 194827

Technical Tip: [FortiSOAR Tricks'n'Tips] Web Socket (Live Sync) is Red (Not Working)

Description

Web Socket (Live UI)

Live UI provides users with many benefits, such as immediate refreshing of records in case of an update by users or workflow (playbook or API), without the users having to refresh the views to see the updates manually.

This is applicable for the following UI components:

  • Grid and Relationship grid (view panel)
  • Details View Panel
  • Collaboration Panel: Comments or Attachments
  • Approvals in notification panel

If the FortiSOAR™ instance is connected to the web sockets server then a "Green" connection icon is displayed at the top-middle of the FortiSOAR™ UI as shown in the following image:



Challenge

Sometimes while working with FortiSOAR™ or after upgrading your FortiSOAR™ instance, after you log on into the FortiSOAR™ UI, you might observe that the Web Socket (Live UI) is "Red"  which indicates that the FortiSOAR™ instance is disconnected to the web sockets server as shown in the following image:


Solution

To resolve this issue, you can use any of the following methods.

Method 1: Check the Tomcat Service

  1. ssh to machine as a root user and type the following command:
    csadm services --status
    The output of the above command get displayed as follows: 
  2. If the "Tomcat" service is not running, restart the Tomcat service using the following command:
    # systemctl restart cyops-tomcat
  3. Check the status of all the services again using the the following command:
    csadm service --status 
    Now, the Tomcat service should be running, as displayed in the following image:
  4. Verify the web socket status on the UI, if it is "Green", then the Web Socket (Live Sync) is in a working state.

Method 2: Check that the hostname is pointing to your FortiSOAR™ instance

  1. ssh to machine as a root user.
  2. Check the notifier logs using the following command:
    # less /var/log/cyops/cyops-notifier/notifier.log
  3. Check if the notifier.log contains the following type of exception:
    Caused by: org.springframework.web.client.ResourceAccessException: I/O error Get request for https://Hostname/api/3:Hostname: Name or service not known; nested exception is java.net.UnknownException: Hostname: Name or service not known.
    This exception means that the     hostname in /etc/cyops/config.yml file is not pointing to your FortiSOAR™ instance.
  4. The hostname in the /etc/cyops/config.yml file must point to your FortiSOAR™ instance. It must resolve to the current node, or alternatively, you can set it to "localhost" as follows:
    # vi /etc/cyops/config.yml
    crudhub_host: https://Hostname
  5. Restart the Tomcat service using the following command:
    # systemctl restart cyops-tomcat

842
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.