FortiAnalyzer
Andy_G
Staff
Article Id 192363
Description
This article describes how to change the start-time of an SQL rebuild.

In FortiAnalyzer, it may occasionally be necessary to delete and rebuild the SQL database. Configuring start-time lets the administrator decide how much log data is included in the rebuild and, therefore, how far back log search and reporting can extend after the rebuild.

Note: If choosing an earlier date for start-time than Log View currently shows, it may be necessary to modify the Log Storage Policy to ensure enough quota is allocated to Analytic data.

Solution
To rebuild the SQL database with all log entries, check the start-time setting under config system sql.

1. Set the following value to rebuild the database with logs from 2000/01/01:
config system sql
     set start-time 00:00 2000/01/01
end

2. Rebuild the SQL database:
execute sql-local rebuild-db

Related Articles

Technical Tip: FortiAnalyzer SQL database delete and rebuild
