Skip to main content
ismailurek2
ismailurek2
New Member
April 16, 2025
Question

FortiAnalyzer Retention Issue – Very Limited Analytics and Archive Logs Despite Long Uptime

  • April 16, 2025
  • 2 replies
  • 1501 views

Hello,

 

Our FortiAnalyzer has been running continuously for about 180 days, however:

- Analytics log is only 1 day,

- Archive log is kept for only 11 days.

- Disk occupancy is 85% (445 GB total available).

 

Our expectation was that these times would be much longer. No manual changes were made to the log retention settings.storage_info.png

I rebuilt FortiAnalyzer but then the day counts were updated as shown in the image below.storageinfo_after_rebuild.JPG

 

 

Best Regards,

Ä°smail Ãœrek

 

FortiAnalyzer 

2 replies

AEK
SuperUser
AEK
SuperUser
April 16, 2025

Hi Ismail

I see you need much more disk space than 445GB.

AEK
ismailurek2
ismailurek2Author
New Member
April 16, 2025

Hi @AEK,

 

Would this affect the number of days my archive and analytics logs are retained? There is still available disk space, and I should still be able to view historical archive and analytics logs, right?

Will I be able to see more archive and analytics logs if I increase the disk?

 

Best Regards,

Ä°smail Ãœrek

AEK
SuperUser
AEK
SuperUser
April 17, 2025

Hi Ismail

What is the amount of daily analytic logs?

If I understand well from the screenshot, the disk space is almost consumed, so the oldest logs are cleaned up in order to make space for today's logs.

AEK
Jeremy5385
Jeremy5385
Visitor III
April 19, 2025

I had a similar issue a while back where I was asking why only a few days of logs for ~1,500Gb of storage.  I ended up upping the CPU and memory quite a bit to fix the issue.  I think the internal SQL database was staved and couldn't complete processing the logs.  I would give this a try assuming you have the VM.

    AEK
    SuperUser
    AEK
    SuperUser
    April 19, 2025

    Than makes sense. Thanks for sharing, Jeremy.

    AEK
    Terms & ConditionsAccessibility statement