Description
This article describes how to understand the quota GB/Day of logs and disk entitled from the subscription in FortiAnalyzer Cloud.
Scope
FortiAnalyzer Cloud.
Solution
FortiAnalyzer Cloud can be provisioned by getting a license either from Device Level or Account Level.
the device Level, each FortiGate can add an SKU for FortiAnalyzer Cloud subscription with or without SOCaaS. See: Licensing.
It can be reviewed in Support Portal -> Asset Management -> Products -> Product List -> FortiGate -> Select one FortiGate -> Entitlement -> Select the icon 
Additional storage license or in-case does not purchase any Device Level subscriptions, Account Level can be reviewed under Support Portal -> Asset Management -> Account Services -> FortiAnalyzer Cloud.
If checking on Account Level and it does not show any information, that is expected since no additional SKU FCX-10-AZCLD-463-01-DD are purchased, and are supposed to be only on Device Level.
Note:
SKU FCX-10-AZCLD-463-01-DD also supports FortiMail and FortiClient logs.
Once all levels of subscriptions are confirmed, proceed to understand how to calculate quota GB/Day and disk entitlement.
For GB/Day daily rate of logging are depends on the FortiGate model:
| Specifications (Virtual Machine) | FortiGate Hardware Model | Total daily log limit |
|
Desktop or FortiGate-VM models with 2 CPU |
FortiGate 30 to FortiGate 90 | 200MB/Day |
|
1RU or FortiGate-VM models with 4 CPU |
FortiGate 100 series, FortiGate 600 series, FortiGate 800 series, FortiGate 900 series | 1GB/Day |
|
2 RU and above or FortiGate-VM models with 8 CPU and above |
FortiGate 1000 series and higher | 5GB/Day |
Check under Support Portal -> Asset Management -> Products -> Product List -> FortiGate for Device Level.
For Account Level, Support Portal -> Asset Management -> Account Services -> FortiAnalyzer Cloud
Total GB/Day is the combination of both Device Level and Account Level:
- 800 MB/Day +5 GB/Day = 5.8 GB/Day ~ round up to 6GB/Day
For entitled disk storage, the value for GB/Day times 100 Days for default Analytics retention.
- 5.8 GB/Day x 100 = 580GB
By default, FortiAnalyzer Cloud resources are provided with 6 vCPU, 16GB RAM, and 500GB disk despite the subscriptions entitled. Once it detects disk usage is more than 65%, the Cloud team will increase the storage size based on entitlement.
Check the current disk size using the command below:
FAZVM64-VIO-CLOUD # execute lvm info
LVM Status: OK
LVM Size: 500GB
File System: ext4 491GB
Disk1 : Used 500GB
Disk2 : Unavailable 0GB
Disk3 : Unavailable 0GB
Disk4 : Unavailable 0GB
Disk5 : Unavailable 0GB
Disk6 : Unavailable 0GB
Disk7 : Unavailable 0GB
Disk8 : Unavailable 0GB
Disk9 : Unavailable 0GB
Disk10: Unavailable 0GB
Disk11: Unavailable 0GB
Disk12: Unavailable 0GB
Disk13: Unavailable 0GB
Disk14: Unavailable 0GB
Disk15: Unavailable 0GB
The command below will show reserved space from the total storage allocated and to be used in the FortiAnalyzer Cloud:
FAZVM64-VIO-CLOUD # diagnose log device <----- Retrieve logging-related information for managed devices
Device Name Device ID Used Space(logs / quarantine / content / IPS) Allocated Space Used%
FGVM02TM24010995 FGVM02TM24010995 20.2MB( 20.2MB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a
Total: 1 log devices, used=20.2MB quota=unlimited
AdomName AdomOID Type Logs Database
[Retention Quota Used( logs/quaranti/ content/ IPS) Used%] [Retention Quota Used( SiemDB/ hcache) Used%]
root 3 FSF 365days 264.0GB 20.5MB( 20.5MB/ 0.0KB/ 0.0KB/ 0.0KB) 0.0% 100days 176.0GB 24.0MB( 6.3MB/ 58.9KB) 0.0%
Total usage: 1 ADOMs, logs=20.5MB(20.5MB/0.0KB/0.0KB/0.0KB) database=309.8MB(ADOMs usage:24.0MB(6.3MB, 58.9KB) + Internal Usage:285.8MB)
Total Quota Summary:
Total Quota Allocated Available Allocate%
441.1GB 440.0GB 1.1GB 99.8%
System Storage Summary:
Total Used Available Use%
491.1GB 27.3GB 463.8GB 5.6 %
Reserved space: 50.0GB (10.2% of total space).
If the resources are not increased, contact TAC support to get an assistant.
Related article:
Technical Tip: Understand number of devices connected to FortiManager Cloud
