Description
This article describe how it is necessary to delete a VDOM from a FortiAnalyzer using the CLI and not the GUI.
Solution
The VDOM cannot be deleted completely just by deleting it from FortiAnalyzer GUI.
1) Delete VDOM 'test' from the FortiGate.
# conf vdom(vdom)delete test
(vdom)end
2) Delete VDOM "test" from the FortiAnalyzer GUI.
deleted.# exec log device vdom list 1500D
Device name:1500D.
|-------id:0, name:root (*** can not be deleted ***)
|-------id:1, name:tester1
|-------id:2, name:tester2
|-------id:3, name:vdom_lag <----- 'Test' is gone.
But the VDOM reappears minutes later.This is as designed because the underlying logs still exist.# exec log device vdom list 1500DDevice name:1500D.
|-------id:0, name:root (*** can not be deleted ***)
|-------id:1, name:tester1
|-------id:2, name:tester2
|-------id:3, name:vdom_lag
|-------id:4, name:test <----- Reappeared.
Solution: Delete the VDOM from the CLI.
Deleting the VDOM from the CLI (starting in FortiAnalyzer 5.4.3 & 5.6.0) will also delete the log files associated with that VDOM.
execute below command to delete log files uploaded from VDOM 'test'.# exec log device vdom delete 1500D test <----- '1500D' is unitname,and 'test' is VDOM name.
This command will delete Vdom:'test' and its log files from device '1500D'.
Do you want to continue? (y/n)y
Vdom:'test' and its log files were deleted from unit 'FG1K5D3I15-----3' successfully.
Result: VDOM "test" doesn't reappear again.
Starting from firmware 6.0.5 onwards, deletion of VDOM has been implemented to support GUI.
