ESCHAN_FTNT
Staff
Article Id 196287
Description
Prior to firmware 5.4.0 (firmware 5.2 and below), a storage quota could be configured for each individual device.
From firmware 5.4.0 onwards, the storage quota design has changed and is now based on an ADOM-level quota: the quota is assigned per ADOM and all units in that ADOM share the same quota.

However, when an individual device disk quota was configured on firmware 5.2 and below and the FortiAnalyzer is then upgraded to v5.4.0 or above, the individual device disk quota remains in place.
It is only visible through the CLI and is not shown in the GUI.
This causes an issue if the device disk storage quota was configured at a lower value and logs are being overwritten faster than expected.

This article describes how to configure the individual device quota.

Solution
Use the following command to change the individual disk quota:
# execute log device disk-quota <device_id> <disk quota value in MB, 0 for unlimited>
The per device storage info can be viewed using the command '# diagnose log device':
# diagnose log device
Device Name          Device ID            Used Space(logs / quarantine / content / IPS) Allocated Space  Used%
Alza-kvm36           FGVM02000------2      155.8MB( 155.8MB/   0.0KB/   0.0KB/   0.0KB) unlimited        n/a
FGVM020000108305     FGVM02000------5        0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB) unlimited        n/a
Myvi-kvm12           FGVM01000------1       20.0KB(  20.0KB/   0.0KB/   0.0KB/   0.0KB) 1000.0MB         0.0%
SYSLOG-0A2F0142      SYSLOG-0A2F0142       249.0MB( 249.0MB/   0.0KB/   0.0KB/   0.0KB) unlimited        n/a
Total: 4 log devices, used=404.8MB quota=1000.0MB


AdomName         AdomOID  Type                                 Logs                                                     Database
                                [Retention   Quota   UsedSpace(logs / quarantine / content / IPS) Used%]  [Retention   Quota      Used   Used%]
FortiAnalyzer    108      FAZ     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiAuthenticator 124      FAC     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiCache       112      FCH     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiCarrier     104      FGT     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiClient      114      FCT     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiDDoS        122      FDD     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiMail        106      FML     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiManager     118      FMG     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiProxy       133      FPX     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiSandbox     120      FSA     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
FortiWeb         110      FWB     365days   300.0MB    0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days   700.0MB    0.0KB    0.0%
Syslog           116      SYS     365days   300.0MB  249.0MB( 249.0MB/   0.0KB/   0.0KB/   0.0KB) 83.0%      60days   700.0MB  532.8MB   76.1%
root             3        FGT     365days   300.0MB  155.8MB( 155.8MB/   0.0KB/   0.0KB/   0.0KB) 51.9%      60days   700.0MB  617.5MB   88.2%
v52              140      FGT     365days     1.5GB   20.0KB(  20.0KB/   0.0KB/   0.0KB/   0.0KB)  0.0%      60days     3.4GB    0.0KB    0.0%
Total usage: 14 ADOMs, logs=404.8MB database=1.5GB(ADOMs usage:1.1GB + Internal Usage:425.1MB)

Total Quota Summary:
    Total Quota      Allocated        Available        Allocate%
    32.2GB           17.6GB           14.7GB           54.5%

System Storage Summary:
    Total            Used             Available        Use%
    39.2GB           5.3GB            33.9GB           13.6%
Reserved space: 7.0GB (17.8% of total space).
In the above example, FGVM01000------1 has a per-device storage quota of 1000MB.
This unit is in ADOM 'v52', and below is the 'Log Storage Policy' for ADOM v52:





The maximum disk storage quota is 5000MB, of which 70% (5000MB x 70% = 3500MB) is used for analytics (database) and 30% (5000MB x 30% = 1500MB) is used for archive (raw logs).
This ADOM-level quota is also reflected in the output of '# diagnose log device'.

From firmware 5.4.0 onwards, using the ADOM-level quota instead of individual unit quotas is recommended.
It is advised to set all unit-level quotas to unlimited.
However, in some cases where a per-device quota is still configured, it has the following impact:

1) If the device quota is reached before the ADOM-level quota, older logs will be overwritten regardless of the ADOM-level quota.
2) If the ADOM-level quota is reached before the device quota, older logs will also be overwritten regardless of the device-level quota.
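
Because a leftover per-device quota is visible only in the CLI, one way to audit for it is to parse the device table of '# diagnose log device' and list every device whose Allocated Space is not unlimited. The following Python is an added example, not Fortinet code; it assumes device names contain no spaces, and the sample rows are copied from the output above (device IDs are masked there as shown).

```python
import re

# Sample input: device table from the '# diagnose log device' output in this article.
# Device IDs appear masked ("------") exactly as on the page.
SAMPLE = """\
Device Name          Device ID            Used Space(logs / quarantine / content / IPS) Allocated Space  Used%
Alza-kvm36           FGVM02000------2      155.8MB( 155.8MB/   0.0KB/   0.0KB/   0.0KB) unlimited        n/a
FGVM020000108305     FGVM02000------5        0.0KB(   0.0KB/   0.0KB/   0.0KB/   0.0KB) unlimited        n/a
Myvi-kvm12           FGVM01000------1       20.0KB(  20.0KB/   0.0KB/   0.0KB/   0.0KB) 1000.0MB         0.0%
SYSLOG-0A2F0142      SYSLOG-0A2F0142       249.0MB( 249.0MB/   0.0KB/   0.0KB/   0.0KB) unlimited        n/a
Total: 4 log devices, used=404.8MB quota=1000.0MB
"""

UNITS = {"KB": 1 / 1024, "MB": 1.0, "GB": 1024.0, "TB": 1024.0 * 1024}
SIZE = r"[\d.]+(?:KB|MB|GB|TB)"
# Columns: name, device ID, used(breakdown), allocated space, used%
ROW = re.compile(
    rf"^(?P<name>\S+)\s+(?P<dev_id>\S+)\s+(?P<used>{SIZE})\(.*?\)\s+"
    rf"(?P<quota>unlimited|{SIZE})\s+(?P<pct>\S+)\s*$"
)

def to_mb(size):
    """Convert a size such as '20.0KB' or '1.5GB' to megabytes."""
    return float(size[:-2]) * UNITS[size[-2:]]

def parse_devices(text):
    """Return one dict per device row; header and 'Total:' lines do not match."""
    devices = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        quota = m["quota"]
        devices.append({"name": m["name"], "dev_id": m["dev_id"],
                        "used_mb": to_mb(m["used"]),
                        "quota_mb": None if quota == "unlimited" else to_mb(quota)})
    return devices

def legacy_quotas(devices):
    """Devices that still carry a finite per-device quota."""
    return [d for d in devices if d["quota_mb"] is not None]

def remediation(devices):
    """CLI lines (syntax from this article) that set each such quota to unlimited (0)."""
    return [f"execute log device disk-quota {d['dev_id']} 0" for d in legacy_quotas(devices)]

if __name__ == "__main__":
    print("\n".join(remediation(parse_devices(SAMPLE))))
```
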

