FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
onunez
Staff
Description
When available disk space is low on a FortiAnalyzer, an effective way to free up space is to delete some of the data that is stored as files (rather than as logs):

DLP files
Packet log files
Quarantined files

If these files are large, they could quickly use up disk space.

Solution
To reduce the space used by these types of files:

1. Set up Automatic Deletion based on Age of Files
System Settings > Advanced > File Management

You can set up rules specific to:
Content Archive
Quarantine Files

2. Delete Files from the CLI

Below are the CLI commands for deleting all files of a specific type from a specific device (FortiGate):

For DLP Files:

# execute log dlp-files clear

<string>    device name

FG100C-Swift-4

FG3K91-2


For IPS Files:

# execute log ips-pkt clear

<string>    device name

FG100C-Swift-4

FG3K91-2

 

For Quarantine Files:

# execute log quarantine-files clear

<string>    device name

FG100C-Swift-4

FG3K91-2
