FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
nmathur
Staff
Article Id 194303
Description
If the 'Detailed' mode is enabled for Log Forwarding in Settings -> Log Forwarding -> Audit Logs, then the Tomcat server might crash and the 'Live Sync' might continuously fail.

Solution
To avoid crashing the Tomcat server without increasing the memory assigned to the Tomcat service, disable log forwarding and then set log forwarding to the 'Basic' mode as follows:

1) SSH to the FortiSOAR server and log in as the root user.

2) List the current log forward settings using the following command:

    # csadm log forward show-config

3) Copy the UUID from the output of the show-config command.

4) Disable forwarding of the audit logs to the syslog server using one of the following commands:

    # csadm log forward update-config --uuid <uuid> --filter application

OR

    # csadm log forward update-config --uuid <uuid> --filter none

5) Restart the Tomcat service using the following command:

    # systemctl restart cyops-tomcat

6) Log on to FortiSOAR, and select Settings -> System Configuration.

7) Select the Log Forwarding tab.

8) From the Specify Audit Log Detail Level drop-down list, select Basic, and select 'Save'.

If the 'Detailed' mode is required for log forwarding for some reason, increase the memory assigned to the Tomcat service running the log forwarding process using the following steps:

1) In /usr/lib/systemd/system/cyops-tomcat.service, change the Xms value as follows:

    Environment="CATALINA_OPTS=-Xms4096M -Xmx4096M -server -XX:+UseParallelGC"

2) Run 'systemctl daemon-reload'.

3) Run 'systemctl restart cyops-tomcat'.
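
The unit-file edit in step 1, scripted as an added example (not Fortinet's code): the hypothetical helpers `set_tomcat_heap` and `tomcat_heap` keep a `.bak` copy, rewrite only the `-Xms`/`-Xmx` values on the `CATALINA_OPTS` line, and restore the backup if the result does not verify. It assumes the existing values are written as a number with an optional unit letter; continue with steps 2 and 3 once it succeeds.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Helper names are hypothetical; the unit path is the one given in step 1.
UNIT_FILE="${UNIT_FILE:-/usr/lib/systemd/system/cyops-tomcat.service}"

# tomcat_heap FILE
# Prints the current "<Xms> <Xmx>" values from the CATALINA_OPTS line.
tomcat_heap() {
    sed -n -E 's/^Environment="CATALINA_OPTS=.*-Xms([0-9]+[A-Za-z]?).*-Xmx([0-9]+[A-Za-z]?).*/\1 \2/p' "$1"
}

# set_tomcat_heap FILE SIZE_MB
# Sets both -Xms and -Xmx to SIZE_MB megabytes, leaving other options untouched.
set_tomcat_heap() {
    file=$1
    size=$2

    # Accept only a plain number of megabytes, so nothing else reaches sed.
    case $size in
        ''|*[!0-9]*) echo "heap size must be a number of MB" >&2; return 2 ;;
    esac

    # Refuse to touch a unit file that has no CATALINA_OPTS line.
    if ! grep -q '^Environment="CATALINA_OPTS=' "$file"; then
        echo "no CATALINA_OPTS line in $file" >&2
        return 1
    fi

    # Keep a copy to roll back to, then rewrite the file in place.
    cp -p "$file" "$file.bak" || return 1
    sed -E "/^Environment=\"CATALINA_OPTS=/ s/-Xm([sx])[0-9]+[A-Za-z]?/-Xm\\1${size}M/g" \
        "$file.bak" > "$file" || return 1

    # Verify the edit; restore the backup if the values are not as expected.
    if [ "$(tomcat_heap "$file")" = "${size}M ${size}M" ]; then
        return 0
    fi
    cp -p "$file.bak" "$file"
    echo "heap values not updated, $file restored from backup" >&2
    return 1
}

# Usage, as root on the FortiSOAR server:
#   set_tomcat_heap "$UNIT_FILE" 4096 && tomcat_heap "$UNIT_FILE"
```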
