After upgraded to FAZ firmware version to FortiAnalyzer_6.0.5 you can experience a “No Data” visualization problem in FortiView analytics functions.
One of the most popular features of the FAZ is the FortiView information aggregator that allows the SOC a general overview of the security status of its network.In fact, in the dashboard where the “No data” problem may exist you can find information such as: Top 10 Threads, Top 10 Countries, Top 10 Sources, Top 10 Destinations, Top 10 Applications.
The problem derives from a bug due to a change of version in which the structure of the db is modified. Here we propose a workaround while the anomaly will be fixed in the next firmware version.
7 Step workaround:
- Check in Device Manager if you receive the logs,
2. Check rebuild db status and also db error messages in Event Log,
3. Edit System Time, disable Automatically adjust clock for daylight saving changes and set Manual Time then click OK:
4. Restart fazsvcd via CLI:
5. Test all FortiView graphs and logs to generate the new SQL queries,
6. Go to step 3 enable Automatically adjust clock for daylight saving changes and set NTP Time.
7. Reboot the FortiAnalyzer and verify FortiView statistics.
Tadaaaaaa:
FAZ “No Data” issue is disappeared!
