Skip to main content
Baboda
Baboda
New Member
August 16, 2017
Question

Disk log quota issue

  • August 16, 2017
  • 1 reply
  • 11380 views

Hello,

cannot understand why I can't increase log quota for FG800C3913801256 while I have 1650.8GB total available on my FAZ300D (5.4). I've also tryied to decrease FG800C3913801910 quota from 800GB to 10GB but cannot increase for FG800C3913801256. 800GB are missed somewhere :( see below please any help.

 

FAZ300D # execute log device disk-quota FG800C3913801256 900000 The input value is too large. Valid range is between 100 and 401 (MB).

 

FAZ300D # diagnose log device Device Name Device ID Used Space(logs / quarantine / content / IPS) Allocated Space Used% FG800C3913801256 FG800C3913801256 125.3GB( 125.3GB/ 0.0KB/ 0.0KB/ 1.4MB) 800.0GB 15.7% FG800C3913801910 FG800C3913801910 27.7MB( 27.7MB/ 0.0KB/ 0.0KB/ 0.0KB) 9.8GB 0.3% Total: 2 log devices, used=125.4GB quota=809.8GB

AdomName AdomOID Type Logs Database [Retention Quota UsedSpace(logs / quarantine / content / IPS) Used%] [Retention Quota Used Used%] root 3 FGT 30days 625.0GB 125.4GB( 125.4GB/ 0.0KB/ 0.0KB/ 1.4MB) 20.1% 30days 937.5GB 281.9GB 30.1% FortiMail 142 FML 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiCache 144 FCH 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiWeb 145 FWB 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% Syslog 147 SYS 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiClient 148 FCT 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiAnalyzer 149 FAZ 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiSandbox 151 FSA 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiCarrier 153 FGT 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiManager 288 FMG 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiDDoS 291 FDD 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% Total usage: 11 ADOMs, logs=125.4GB database=283.2GB(ADOMs usage:281.9GB + Internal Usage:1.2GB)

Total Quota Summary: Total Quota Allocated Available Allocate% 1650.8GB 1572.3GB 78.5GB 95.2%

System Storage Summary: Total Used Available Use% 1833.8GB 510.5GB 1323.3GB 27.8%

Reserved space: 183.0GB (10.0% of total space).

    1 reply

    scao_FTNT
    Staff
    scao_FTNT
    Staff
    August 16, 2017

    what is the FAZ version? "execute log device disk-quota" output seems not correct based on "diagnose log device" output

     

    but from 5.4, FAZ has changed quota design and added new ADOM level quota, so you can remove (set device to 0 = unlimited) device quota config and let ADOM quota to take control (you can config on GUI when edit ADOM)

     

    Thanks

     

    Simon

    Baboda
    BabodaAuthor
    New Member
    August 18, 2017

    Thanks Simon,

    also because upgrading to FAZ 5.4 was created the root adom but with FGTs version still at 5.0 while in the meantime we upgraded FGTs to 5.2 I've created new adom named FGT800C and migrated FGTs from root to this new one. Then I moved most space from root (which is empty right now) to FGT800C adom. I've also removed device log quota as by your advice:

     

    FAZ300D # diagnose log device Device Name Device ID Used Space(logs / quarantine / content / IPS) Allocated Space Used% FG800C3913801256 FG800C3913801256 30.1GB( 30.1GB/ 0.0KB/ 0.0KB/ 2.4MB) unlimited n/a FG800C3913801910 FG800C3913801910 19.9MB( 19.9MB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a Total: 2 log devices, used=30.2GB quota=unlimited

    AdomName AdomOID Type Logs Database [Retention Quota UsedSpace(logs / quarantine / content / IPS) Used%] [Retention Quota Used Used%] root 3 FGT 365days 9.8GB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 90days 39.1GB 715.4MB 1.8% FortiMail 142 FML 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiCache 144 FCH 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiWeb 145 FWB 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% Syslog 147 SYS 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiClient 148 FCT 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiAnalyzer 149 FAZ 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiSandbox 151 FSA 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiCarrier 153 FGT 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiManager 288 FMG 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FortiDDoS 291 FDD 365days 400.0MB 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 365days 600.0MB 2.8MB 0.5% FGT800C 326 FGT 365days 454.1GB 30.2GB( 30.1GB/ 0.0KB/ 0.0KB/ 2.4MB) 6.6% 60days 1059.6GB 272.8GB 25.7% Total usage: 12 ADOMs, logs=30.2GB database=274.8GB(ADOMs usage:273.5GB + Internal Usage:1.2GB)

    Total Quota Summary: Total Quota Allocated Available Allocate% 1650.8GB 1572.3GB 78.5GB 95.2%

    System Storage Summary: Total Used Available Use% 1833.8GB 406.5GB 1427.3GB 22.2%

    Reserved space: 183.0GB (10.0% of total space).

     

    My question is .. is root adom necessary even though it is empty ? I can't delete it or at least if possible I'd like to make availbale its 50 GB to use for the new adom.

     

    Last question is what's the difference between analytics and archive logs ? I see there is a quota each with default value 70%/30% and 60 days/365 days retention each.

    scao_FTNT
    Staff
    scao_FTNT
    Staff
    August 18, 2017

    is root adom necessary even though it is empty ? I can't delete it or at least if possible I'd like to make availbale its 50 GB to use for the new adom.    -- root ADOM is the default ADOM (similar as FGT root VDOM), you can not delete this default ADOM, but you can change its quota to maybe 1000MB as other default ADOMs Last question is what's the difference between analytics and archive logs ? I see there is a quota each with default value 70%/30% and 60 days/365 days retention each.    -- analytics is for SQL db after log inserted into SQL table and archive is for raw log (and IPS, antivirus file, email attachment etc if your FGT enabled this) and FAZ has 2 controls here, quota based, so when quota reach FAZ will start to delete oldest log table and log files, or policy based, so when xx days you configured reached first, FAZ start to delete. But for quota triggered delete, FAZ will popup a warning since FAZ can not keep user configured policy day (for example, you configured to keep 1 month SQL but FAZ only can keep 1 week since quota is too small) to ask user to increase quota config

    Thanks

     

    Simon

    Terms & ConditionsAccessibility statement