Skip to main content
FMG_TAC_Eng_1
Staff
FMG_TAC_Eng_1
Staff
August 22, 2021

Technical Tip: Log data migration limitations between two FortiAnalyzer virtual machines

  • August 22, 2021
  • 0 replies
  • 2000 views

Description
This article describes consequences of improper disk migration on FortiAnalyzer VMs.

FortiAnalyzer VM, in current releases, uses Local Volume Manager (LVM) libraries to map and control block storage devices attached to virtual machine. 
From a system administrator point of view, this allows an easy storage extension.

Solution

 

When a FortiAnalyzer VM is launched for the first time, the system will be started from a virtual disk which is included in the downloaded image from the support portal, and the second data drive will be prepared on initial start by creating a LVM structure on the disk and formatting the volume to ext4 filesystem.

 
After configuring FortiAnalyzer logging on the FortiGate and authorizing the firewall on the FortiAnalyzer, log data and files on the storage disk are visible as shown below:
 
 
How not to migrate data between two FortiAnalyzer VMs:
 
If another VM is created and attach an existing storage disk to the new FortiAnalyzer, all log data will be deleted and no FortiView and Reports will be left.
 

If it is compared, after the migration, the /Storage folder contains less data than it originally had.  
 
 
Best approach to data migration:
 
From FortiAnalyzer's point of view best option would be to use one of the options.

 

Related Articles

Technical Tip: Extending disk space in FortiAnalyzer VM / FortiManager VM

Technical Tip: How to migrate a FortiAnalyzer logs and config to a new system

Terms & ConditionsAccessibility statement