Fortinet black logo

FortiAnalyzer Federation Deployment Guide

Home FortiAnalyzer 7.0.0 FortiAnalyzer Federation Deployment Guide
7.0.0
7.0.0

Appendix B - Troubleshooting

Appendix B - Troubleshooting

Confirming a member has joined the Fabric

When adding a new member, check that the member has joined the Fabric.

To confirm that a member has joined the Fabric:
  1. In the FortiAnalyzer Federation supervisor CLI, enter the following command:

    diagnose test application fazsvcd 36 nodes

    FAZ-S-901 # diagnose test application fazsvcd 36 nodes

    Supervisor:

    3632041446 (Self)

    Status: up

    Members:

    209855595

    Status : up

    Node Ping Time : 19 Apr 2021 18:41:22 (1618882882)

    Last Ping Time : 19 Apr 2021 18:41:34 (1618882894)

    Fabric Serial Number : FAZVMSTM21000123

    Platform : v7.0.0-build0037 210411 (Interim)

    Platform Type : FAZVM64

    Platform Full Name : FortiAnalyzer-VM64

    Version : v7.0.0-build0037 210411 (Interim)

    Serial Number : FAZVMSTM21000123

    Hostname : FAZVM64-Shawn-130-change

    FIPS Mode : Disabled

    HA Mode : Stand Alone

    Branch Point : 0037

    Release Version Information : Interim

    Current Time : Mon Apr 19 11:56:36 PDT 2021

    Daylight Time Saving : Yes

    Timezone : (GMT-8:00) Pacific Time (US & Canada).

    Disk Usage (free) : 442.98GB

    Disk Usage (total) : 491.15GB

    License Status : Valid

    2024759224

    Status : up

    Node Ping Time : 19 Apr 2021 18:42:30 (1618882950)

    Last Ping Time : 19 Apr 2021 18:41:34 (1618882894)

    Fabric Serial Number : FAZVMSTM20000234

    Platform : v7.0.0-build0043 210416 (Interim)

    Platform Type : FAZVM64

    Platform Full Name : FortiAnalyzer-VM64

    Version : v7.0.0-build0043 210416 (Interim)

    Serial Number : FAZVMSTM20000234

    Hostname : FAZVM-S-903

    FIPS Mode : Disabled

    HA Mode : Stand Alone

    Branch Point : 0043

    Release Version Information : Interim

    Current Time : Mon Apr 19 11:57:50 PDT 2021

    Daylight Time Saving : Yes

    Timezone : (GMT-8:00) Pacific Time (US & Canada).

    Disk Usage (free) : 57.41GB

    Disk Usage (total) : 78.24GB

    License Status : Valid

    2462459651

    Status : up

    Node Ping Time : 19 Apr 2021 18:42:30 (1618882950)

    Last Ping Time : 19 Apr 2021 18:41:34 (1618882894)

    Fabric Serial Number : FAZVMSTM21000345

    Platform : v7.0.0-build0043 210416 (Interim)

    Platform Type : FAZVM64

    Platform Full Name : FortiAnalyzer-VM64

    Version : v7.0.0-build0043 210416 (Interim)

    Serial Number : FAZVMSTM21000345

    Hostname : FAZ-VM-S-902

    FIPS Mode : Disabled

    HA Mode : Stand Alone

    Branch Point : 0043

    Release Version Information : Interim

    Current Time : Mon Apr 19 11:59:24 PDT 2021

    Daylight Time Saving : Yes

    Timezone : (GMT-8:00) Pacific Time (US & Canada).

    Disk Usage (free) : 406.06GB

    Disk Usage (total) : 491.15GB

    License Status : Valid

    This diagnostic shows all of the current members on the supervisor or on the member. Ensure that the status for each member is up.

Member unable to join the Fabric

If the member does not join the Fabric, possible issues include:

  • Incorrect supervisor IP
  • Incorrect PSK
  • Encryption setting mismatch between supervisor/member
  • Incorrect Fabric name
  • The supervisor allowaccess setting described above does not include the soc-fabric setting
  • The supervisor is not reachable by the member, use ping to confirm.
  • The supervisor/member is not running.

The supervisor uses a mixture of synchronized data and data retrieved directly from the member. This data is retrieved through the Fabric from the JSONAPI service running on the member, so it is possible to view cached alert information while the member is not actually running.

Server error: Fabric member not available

Problem: When selecting an alert, the supervisor displays Server Error: Fabric member xxx is not available.

Description: The supervisor is not able to contact the member through the Fabric.

To troubleshoot a server error:
  1. Ensure that the member has booted and is running.
  2. Ensure that the member has connected to the Fabric using the following CLI command:

    diagnose test application fazsvcd 36 nodes

JSONAPI service reports error

Problem: When selecting an alert, the supervisor displays: JSONAPI Service reports: <error message>.

Description: The member has joined the Fabric, but the JSONAPI service of the member cannot service the request.

To troubleshoot a JSON API service reports error:
  1. Ensure that the member has completely booted up.
  2. Determine if the member is performing some type of database rebuild which may prevent service availability.
  3. Access the members’ GUI to determine if it can use its own JSONAPI service.

    More detailed connectivity information is available using the following diagnostics, which can be run on the supervisor and member:

    diagnose test application fazsvcd 56

    diagnose test application fazsvcd 53

    diagnose test application fazsvcd 36 members

Previous
Next

Appendix B - Troubleshooting

Confirming a member has joined the Fabric

When adding a new member, check that the member has joined the Fabric.

To confirm that a member has joined the Fabric:
  1. In the FortiAnalyzer Federation supervisor CLI, enter the following command:

    diagnose test application fazsvcd 36 nodes

    FAZ-S-901 # diagnose test application fazsvcd 36 nodes

    Supervisor:

    3632041446 (Self)

    Status: up

    Members:

    209855595

    Status : up

    Node Ping Time : 19 Apr 2021 18:41:22 (1618882882)

    Last Ping Time : 19 Apr 2021 18:41:34 (1618882894)

    Fabric Serial Number : FAZVMSTM21000123

    Platform : v7.0.0-build0037 210411 (Interim)

    Platform Type : FAZVM64

    Platform Full Name : FortiAnalyzer-VM64

    Version : v7.0.0-build0037 210411 (Interim)

    Serial Number : FAZVMSTM21000123

    Hostname : FAZVM64-Shawn-130-change

    FIPS Mode : Disabled

    HA Mode : Stand Alone

    Branch Point : 0037

    Release Version Information : Interim

    Current Time : Mon Apr 19 11:56:36 PDT 2021

    Daylight Time Saving : Yes

    Timezone : (GMT-8:00) Pacific Time (US & Canada).

    Disk Usage (free) : 442.98GB

    Disk Usage (total) : 491.15GB

    License Status : Valid

    2024759224

    Status : up

    Node Ping Time : 19 Apr 2021 18:42:30 (1618882950)

    Last Ping Time : 19 Apr 2021 18:41:34 (1618882894)

    Fabric Serial Number : FAZVMSTM20000234

    Platform : v7.0.0-build0043 210416 (Interim)

    Platform Type : FAZVM64

    Platform Full Name : FortiAnalyzer-VM64

    Version : v7.0.0-build0043 210416 (Interim)

    Serial Number : FAZVMSTM20000234

    Hostname : FAZVM-S-903

    FIPS Mode : Disabled

    HA Mode : Stand Alone

    Branch Point : 0043

    Release Version Information : Interim

    Current Time : Mon Apr 19 11:57:50 PDT 2021

    Daylight Time Saving : Yes

    Timezone : (GMT-8:00) Pacific Time (US & Canada).

    Disk Usage (free) : 57.41GB

    Disk Usage (total) : 78.24GB

    License Status : Valid

    2462459651

    Status : up

    Node Ping Time : 19 Apr 2021 18:42:30 (1618882950)

    Last Ping Time : 19 Apr 2021 18:41:34 (1618882894)

    Fabric Serial Number : FAZVMSTM21000345

    Platform : v7.0.0-build0043 210416 (Interim)

    Platform Type : FAZVM64

    Platform Full Name : FortiAnalyzer-VM64

    Version : v7.0.0-build0043 210416 (Interim)

    Serial Number : FAZVMSTM21000345

    Hostname : FAZ-VM-S-902

    FIPS Mode : Disabled

    HA Mode : Stand Alone

    Branch Point : 0043

    Release Version Information : Interim

    Current Time : Mon Apr 19 11:59:24 PDT 2021

    Daylight Time Saving : Yes

    Timezone : (GMT-8:00) Pacific Time (US & Canada).

    Disk Usage (free) : 406.06GB

    Disk Usage (total) : 491.15GB

    License Status : Valid

    This diagnostic shows all of the current members on the supervisor or on the member. Ensure that the status for each member is up.

Member unable to join the Fabric

If the member does not join the Fabric, possible issues include:

  • Incorrect supervisor IP
  • Incorrect PSK
  • Encryption setting mismatch between supervisor/member
  • Incorrect Fabric name
  • The supervisor allowaccess setting described above does not include the soc-fabric setting
  • The supervisor is not reachable by the member, use ping to confirm.
  • The supervisor/member is not running.

The supervisor uses a mixture of synchronized data and data retrieved directly from the member. This data is retrieved through the Fabric from the JSONAPI service running on the member, so it is possible to view cached alert information while the member is not actually running.

Server error: Fabric member not available

Problem: When selecting an alert, the supervisor displays Server Error: Fabric member xxx is not available.

Description: The supervisor is not able to contact the member through the Fabric.

To troubleshoot a server error:
  1. Ensure that the member has booted and is running.
  2. Ensure that the member has connected to the Fabric using the following CLI command:

    diagnose test application fazsvcd 36 nodes

JSONAPI service reports error

Problem: When selecting an alert, the supervisor displays: JSONAPI Service reports: <error message>.

Description: The member has joined the Fabric, but the JSONAPI service of the member cannot service the request.

To troubleshoot a JSON API service reports error:
  1. Ensure that the member has completely booted up.
  2. Determine if the member is performing some type of database rebuild which may prevent service availability.
  3. Access the members’ GUI to determine if it can use its own JSONAPI service.

    More detailed connectivity information is available using the following diagnostics, which can be run on the supervisor and member:

    diagnose test application fazsvcd 56

    diagnose test application fazsvcd 53

    diagnose test application fazsvcd 36 members

Previous
Next