Description
This article describes how to move a device from one ADOM to another on a FortiAnalyzer.
Scope
FortiAnalyzer.
Solution
It is assumed that the ADOM feature is enabled on the FortiAnalyzer. If it is not, it can be enabled under System settings -> Dashboard -> System information -> Administrative Domain.
In this example, the device called FGT80CM1 is associated with the ADOM 'FORTINET_OMAR' and needs to be moved to the new ADOM 'FORTIGATES52'. Go to ADOM -> Manage ADOMs and select 'create new'.
Type the ADOM name and select the same FortiOS version that is running on the device to be moved (in this case, the device FGT80CM1 is running v5.2.6).
Select OK (do not select the device FGT80CM1 yet), and the new ADOM is created.
The CLI can be used to review the log device:
FAZ1000D # diagnose log device
Device Name  Device ID         Used Space (logs/database/quar/content/IPS)  Allocated Space  % Used
FGT80CM1     FG80CM3914601323  35466MB (6508/ 28958/ 0 / 0 / 0 )            130000MB         27.28%
ADOM Name      ADOM OID  Type  UsedSpace(database)  Quota(database)  % Used
FORTINET_OMAR  280       FGT   29339MB              84600MB          34.68%
FORTIGATES52   395       FGT   0MB                  0MB              0.00%
The device can now be moved. Go to ADOM -> Manage ADOMs -> FORTIGATES52, select the device that needs to be moved to this ADOM (FGT80CM1), select 'add', and then select OK. The device will start moving to the new ADOM.
The CLI will show:
FAZ1000D # diagnose log device
Device Name  Device ID         Used Space (logs/database/quar/content/IPS)  Allocated Space  % Used
FGT80CM1     FG80CM3914601323  35467MB (6508/ 28959/ 0 / 0 / 0 )            130000MB         27.28%
ADOM Name      ADOM OID  Type  UsedSpace(database)  Quota(database)  % Used
FORTINET_OMAR  280       FGT   29339MB              84600MB          34.68%
FORTIGATES52   395       FGT   0MB                  0MB              0.00%
It is now necessary to rebuild the database for the new ADOM:
execute sql-local rebuild-adom FORTIGATES52
Rebuild log SQL database of ADOM 'FORTIGATES52' has been requested.
This operation will remove the log SQL database for ADOM 'FORTIGATES52' and rebuild from log data.
Do you want to continue? (y/n)Y
Request to rebuild ADOM 'FORTIGATES52' submitted successfully.
The progress of the rebuild can be checked with:
diagnose sql status rebuild-adom FORTIGATES52
FORTIGATES52 percent: 3% bg-rebuild:Yes start:"Thu (4) 2016-03-03 17:28:50" took:47(s) remain:1519(s)...
The rebuild will finish after some time. The rebuild status and the ADOM entry in the log device output will then show:
diagnose sql status rebuild-adom FORTIGATES52
FORTIGATES52 percent:100% bg-rebuild:Yes start:"Thu (4) 2016-03-03 17:28:50" took:1128(s)
ADOM Name      ADOM OID  Type  UsedSpace(database)  Quota(database)  % Used
FORTIGATES52   395       FGT   28962MB              78000MB          37.13%
All the logs can now be seen on the new ADOM.
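As an added example (not part of the original article and not Fortinet tooling), the Python script below parses captured CLI output in the formats shown above to confirm that the rebuild reached 100% and that the new ADOM's database is populated. The function names are hypothetical, and the sample strings are copied from the outputs in this article.

```python
import re

# Status line of 'diagnose sql status rebuild-adom <ADOM>' as shown in this
# article; 'remain' is absent once the rebuild is complete.
STATUS_RE = re.compile(
    r'^(?P<adom>\S+)\s+percent:\s*(?P<pct>\d+)%\s+bg-rebuild:(?P<bg>\w+)\s+'
    r'start:"(?P<start>[^"]+)"\s+took:(?P<took>\d+)\(s\)'
    r'(?:\s+remain:(?P<remain>\d+)\(s\))?'
)
# ADOM row of 'diagnose log device': name, OID, type, used MB, quota MB, % used.
ADOM_RE = re.compile(
    r'^(?P<adom>\S+)\s+(?P<oid>\d+)\s+(?P<type>\S+)\s+'
    r'(?P<used>\d+)MB\s+(?P<quota>\d+)MB\s+(?P<pct>\d+\.\d+)%\s*$'
)

def parse_rebuild_status(text, adom):
    """Return the last status dict for `adom`, or None if no line matches."""
    result = None
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m and m['adom'] == adom:
            result = {'percent': int(m['pct']), 'took_s': int(m['took']),
                      'remain_s': int(m['remain']) if m['remain'] else None}
    return result

def parse_adom_usage(text):
    """Map ADOM name -> (used_mb, quota_mb); device and header rows are skipped."""
    usage = {}
    for line in text.splitlines():
        m = ADOM_RE.match(line.strip())
        if m:
            usage[m['adom']] = (int(m['used']), int(m['quota']))
    return usage

def move_complete(status_text, device_text, adom):
    """True only if the rebuild hit 100% and the ADOM database holds data."""
    status = parse_rebuild_status(status_text, adom)
    used, quota = parse_adom_usage(device_text).get(adom, (0, 0))
    return bool(status and status['percent'] == 100 and used > 0 and quota > 0)

# Sample text copied from the outputs shown in this article.
IN_PROGRESS = 'FORTIGATES52 percent: 3% bg-rebuild:Yes start:"Thu (4) 2016-03-03 17:28:50" took:47(s) remain:1519(s)...'
DONE = 'FORTIGATES52 percent:100% bg-rebuild:Yes start:"Thu (4) 2016-03-03 17:28:50" took:1128(s)'
BEFORE = "FORTINET_OMAR 280 FGT 29339MB 84600MB 34.68%\nFORTIGATES52 395 FGT 0MB 0MB 0.00%"
AFTER = "FORTIGATES52 395 FGT 28962MB 78000MB 37.13%"

if __name__ == "__main__":
    print(move_complete(DONE, AFTER, "FORTIGATES52"))
```
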
Note:
The command 'execute sql-local rebuild-adom' is not supported on FortiAnalyzer v7.6 releases.
Instead, it is necessary to run the command 'execute sql-local rebuild-db'.
This requires a reboot of the FortiAnalyzer. After the reboot, a rebuild of the SQL database for all ADOMs will be triggered.
The rebuild progress can be monitored using the command 'diagnose sql status rebuild-db'.
The rebuild process can take a considerable amount of time, depending on the number of FortiAnalyzer Analytics logs.
Related articles:
Technical Tip: How to migrate logs between ADOMs on a FortiAnalyzer
Technical Tip: Moving devices and VDOMs between FortiManager ADOMs