This article describes how to troubleshoot CIS Controls Security Rating Report generation failures on FortiAnalyzer.
Scope
FortiAnalyzer v7.4 onwards
Solution
Step 1: Ensure that the FortiAnalyzer and FortiGate are on v7.4 and above. Check if the Security Rating licenses are present on both devices.
On FortiAnalyzer:
On FortiGate:
Step 2: Ensure the FortiGate is registered to FortiAnalyzer and the logging status is UP.
Step 3: Run the Security Rating Report on the FortiGate and check the Security Rating summary log on the FortiAnalyzer. Run the following debug commands while performing this step to verify the RESTAPI response.
On FortiAnalyzer:
diag debug reset
diag debug disable
diag test application oftpd 95 enable "RESTAPI REQUEST" "RESTAPI RESPONSE"
diag debug timestamp enable
diag debug enable
On FortiGate:
diag debug reset
diag debug disable
diag debug application httpsd -1
diag debug console timestamp enable
diag debug enable
Step 4: Enable backend shell access on the FortiAnalyzer.
FAZ # config system admin setting
(setting)# set shell-access enable
Enter new password:
Confirm new password:
(setting)# end
Step 5: Enter the shell and check if the PostureReport files for the FortiGate are present under the drive0/private/restapi/audit_rpt/ directory.
Step 6: Proceed to generate the report under Reports > Report Definitions > CIS Controls Security Rating Report > Run Report.
Step 7: Check if there are any crash logs present when running the report:
FAZ # diag debug crashlog read