Troubleshooting

Error messages in the FortiAnalyzer Integration App GUI and in the ServiceNow Application Logs describe the problem and usually include recommendations to correct it.

Connection issues

To troubleshoot connection problems between FortiAnalyzer and the FortiAnalyzer Integration App:
  1. In FortiAnalyzer, go to System Settings > Admin > Administrators.
    1. Click the account used for integration with the FortiAnalyzer Integration App and check that the settings are correct.

      See Setting Up FortiAnalyzer.

  2. Check that you have set up JSON-RPC permission correctly.
    Note

    Ensure the Username can be found in FortiAnalyzer and has JSON-RPC permission.

    See Setting Up FortiAnalyzer.

  3. Go to the FortiAnalyzer Integration App System Properties.
    1. Check that the connection settings are correct, especially the domain name, port number, ADOMs, and API credentials.
      Note
      • Ensure the Domain HTTPS link is correct.
      • Ensure a trusted, signed SSL certificate is installed.
      • Ensure the port number is correct.
      • Ensure the password is correct.

      See Setting up the FortiAnalyzer Integration App.

      If connection settings are incorrect, the app displays an error message when you click Save.

    2. Check that you are using a supported firmware version.
  4. Check whether the FortiAnalyzer is missing a certificate, or the certificate is incomplete. ServiceNow requires a trusted certificate on FortiAnalyzer to establish a secured connection.
    1. In ServiceNow, go to Application Log > Errors. The following error may indicate the certificate is incomplete:

      fileName: ;line:0;errorMessage:org.apache.commons.httpclient.HttpException:SSLPeerUnverifiedException

    2. Use a third-party service such as DigiCert or SSLShopper to identify the errors on the FortiAnalyzer side.
    3. In FortiAnalyzer, go to System Settings > Certificates to fix the certificate issues, such as adding an intermediate CA certificate.
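
A local alternative to the third-party checkers in step 4, added here as an example (it is not part of the original page or of the app): it performs a TLS handshake with full chain and host name verification and maps OpenSSL's verification code to the likely fix. The function names, the hint text, the default port 443 and the placeholder host name are assumptions.

```python
import socket
import ssl
import sys

# OpenSSL verify codes -> likely fix on the FortiAnalyzer side (hint text is ours).
HINTS = {
    10: "certificate has expired; renew it",
    18: "self-signed certificate; install one signed by a trusted CA",
    19: "chain ends in a root the client does not trust",
    20: "issuer not found; chain incomplete, add the intermediate CA certificate",
    21: "leaf cannot be verified; chain incomplete, add the intermediate CA certificate",
    62: "certificate does not match the host name configured as Domain",
}


def classify(err):
    """Map a certificate verification error to (verify_code, hint)."""
    code = getattr(err, "verify_code", None)
    detail = getattr(err, "verify_message", "") or str(err)
    return code, HINTS.get(code, "verification failed: " + detail)


def check_chain(host, port=443, timeout=5.0, cafile=None):
    """Handshake with chain and host name verification; return a result dict."""
    ctx = ssl.create_default_context(cafile=cafile)  # system trust store by default
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"ok": True, "code": 0, "hint": "chain verified",
                        "not_after": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as err:
        code, hint = classify(err)
        return {"ok": False, "code": code, "hint": hint}
    except OSError as err:  # DNS failure, refused connection, timeout, other TLS errors
        return {"ok": False, "code": None, "hint": "connection failed: %s" % err}


if __name__ == "__main__":
    # Usage: python check_chain.py faz.example.com 443  (host name is a placeholder)
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(check_chain(target, target_port))
```

Codes 20 and 21 are the ones that correspond to a missing intermediate CA certificate; a browser may still show the site as trusted because it can fetch or cache intermediates, which a strict client does not do.
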

To troubleshoot event logs that are not updating:

Event logs are not automatically updated after a FortiAnalyzer service outage when "Fetch events from FortiAnalyzer ADOMs automatically" is enabled. To resume updates after service is restored, run the Run_FetchFAZEvents script.

Note

You must have an admin role to perform this task.

  1. Go to System Definition > Scheduled Jobs, or type scheduled jobs in the system explorer.
  2. Type *faz in the Search field.
  3. Click Run_FetchFAZEvents.
  4. Deselect Active and select it again to resume the updates.

Others

To view log message errors, go to ServiceNow, click All applications and search for System Log. Then select Application Logs.

In the App Log pane, check for errors. You can filter by keywords to search for messages.

Error

Possible solutions

User cannot log in

  • Check that the user account has the right roles.
  • Check the spelling of the username and password.

Error message: FortiAnalyzer: fileName: ; line: 0; message: Unknown host

Check the name and spelling of the Domain.

Error message: ServiceNow API user snapi needs to have x_forti_fazintgv2.snAPI role assigned

Assign the x_forti_fazintgv2.snAPI role to the ServiceNow account. See Setting up the FortiAnalyzer Integration App.

Error message: ServiceNow API user snapi needs to have import_transformer role assigned

Assign the import_transformer role to the ServiceNow account. See Setting up the FortiAnalyzer Integration App.

FortiAnalyzer Incidents are not up-to-date

Synchronizing incidents takes time. Wait a few minutes and try again.