Troubleshooting
Error messages in the FortiAnalyzer Integration App GUI and in the ServiceNow Application Logs describe the problem and usually contain recommendations to correct it.
Connection problems
To troubleshoot connection problems between FortiAnalyzer and the FortiAnalyzer Integration App:
- In FortiAnalyzer, go to System Settings > Admin > Administrators.
- Click the account used for integration with the FortiAnalyzer Integration App and check that the settings are correct.
- Check that you have set up JSON-RPC permission correctly.
Ensure the Username can be found in FortiAnalyzer and has JSON-RPC permission.
- Go to the FortiAnalyzer Integration App System Properties.
- Check that the connection settings are correct, especially the domain name, port number, ADOMs, and API credentials.
- Ensure the Domain HTTPS link is correct.
- Ensure a trusted, signed SSL certificate is installed.
- Ensure the port number is correct.
- Ensure the password is correct.
See Setting up the FortiAnalyzer Integration App.
If connection settings are incorrect, the app displays an error message when you click Save.
- Check that you are using a supported firmware version.
- Check that the connection settings are correct, especially the domain name, port number, ADOMs, and API credentials.
- Check that the FortiAnalyzer is missing a certificate, or the certificate is incomplete. ServiceNow requires a trusted certificate on FortiAnalyzer to establish a secured connection.
- In ServiceNow, go to Application Log > Errors. The following error may indicate the certificate is incomplete:
fileName: ;line:0;errorMessage:org.apache.commons.httpclient.HttpException:SSLPeerUnverifiedException
- Use a third-party service such as digicert or sslshopper to identify the errors on the FortiAnalyzer side.
- In FortiAnalyzer, go to System Settings > Certificates, to fix the certificate issues, such as adding an intermediate CA certificate.
- In ServiceNow, go to Application Log > Errors. The following error may indicate the certificate is incomplete:
To troubleshoot event logs that are not updating:
Event logs are not automatically updated after a FortiAnalyzer service outage when "Fetch events from FortiAnalyzer ADOMs automatically" is enabled. To resume updates after service is restored, run the Run_FetchFAZEvents script.
You must have an admin role to perform this task. |
- Go to System Definition > Scheduled Jobs, or type
scheduled jobs
in the system explorer. - Type
*faz
in the Search field. - Click Run_FetchFAZEvents.
- Deselect Active and select it again to resume the updates.
Others
To view log message errors, go to ServiceNow, click All applications and search for System Log. Then select Application Logs.
In the App Log pane, check for errors. You can filter by keywords to search for messages.
Error |
Possible solutions |
---|---|
User cannot log in |
|
Error message: |
Check the name and spelling of the Domain. |
Error message: |
Assign the x_forti_fazintgv2.snAPI role to the ServiceNow account. See Setting up the FortiAnalyzer Integration App. |
Error message: |
Assign the import_transformer to the ServiceNow account. See Setting up the FortiAnalyzer Integration App. |
FortiAnalyzer Incidents are not up-to-date |
Synchronizing incidents takes time. Wait a few minutes and try again. |