Jonathan_Body_FTNT
Article Id 191226

Description

 

This article provides troubleshooting help that can be used if the 'Log disk failure is imminent' message is displayed on the Alert log of the FortiGate.

 

Scope

FortiGate, FortiProxy.

 

Solution

 

The FortiGate can sometimes display 'Log disk failure is imminent' in the alert console. This message generally indicates that FortiOS has detected a potential error with the SMART or NVMe disk on the FortiGate unit. The message can also appear in the General System Logs, where the log description is 'Log disk failure imminent' and the log ID is '0100022102'.


Sample Log:


date=2024-08-08 time=08:52:00 eventtime= 1675196379240018069 tz="-0900"  logid="0100022102" type="event" subtype="system" level="critical" vd="root" logdesc="Log disk failure imminent" msg="Log disk failure is imminent, logs should be backed up"


The device has detected potential issues with the disk used for storing log data, and it has produced a warning that a disk failure is likely to occur soon. This is a critical issue as logs are essential for monitoring and troubleshooting network activities.
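For log monitoring, the event can be matched on its log ID rather than on message text. The following is an added example, not part of the original article or Fortinet tooling: it parses FortiOS key=value log lines and returns the first disk-failure event per device and VDOM. The `devid` field and all sample lines other than the article's own are assumptions constructed for illustration.

```python
import re

DISK_FAILURE_LOGID = "0100022102"  # log ID quoted in the article

# key=value pairs: values may be quoted, and a space may follow '='
# (the article's sample line has 'eventtime= 1675...').
_PAIR = re.compile(r'(\w+)=\s*(?:"([^"]*)"|((?!\w+=)\S+))?')


def parse_fortios_log(line):
    """Parse one FortiOS key=value log line into a dict of strings."""
    fields = {}
    for m in _PAIR.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else (bare or "")
    return fields


def find_disk_failure_alerts(lines):
    """Return the first disk-failure event per (devid, vd), matching on logid only."""
    first_seen = {}
    for line in lines:
        f = parse_fortios_log(line)
        if f.get("logid") != DISK_FAILURE_LOGID:
            continue
        # devid is absent from the article's sample, so fall back to "unknown".
        first_seen.setdefault((f.get("devid", "unknown"), f.get("vd", "")), f)
    return list(first_seen.values())


# Line 1 is the article's sample log; the rest are constructed for illustration
# (the devid value and the non-matching logid are placeholders).
SAMPLE_LINES = [
    'date=2024-08-08 time=08:52:00 eventtime= 1675196379240018069 tz="-0900"  logid="0100022102" type="event" subtype="system" level="critical" vd="root" logdesc="Log disk failure imminent" msg="Log disk failure is imminent, logs should be backed up"',
    'date=2024-08-08 time=09:00:00 devid="FGT-PLACEHOLDER-1" logid="0100022102" level="critical" vd="root" msg="Log disk failure is imminent, logs should be backed up"',
    'date=2024-08-08 time=09:05:00 devid="FGT-PLACEHOLDER-1" logid="0100022102" level="critical" vd="root" msg="Log disk failure is imminent, logs should be backed up"',
    'date=2024-08-08 time=09:06:00 devid="FGT-PLACEHOLDER-1" logid="0000000000" level="notice" vd="root" msg="constructed note mentioning logid=0100022102"',
]

if __name__ == "__main__":
    for alert in find_disk_failure_alerts(SAMPLE_LINES):
        print(alert.get("devid", "unknown"), alert["date"], alert["time"], alert["msg"])
```

Repeated events from the same device collapse into one alert, and the last sample line is ignored because only the parsed `logid` field is compared, not text inside `msg`.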

The following steps can be used to troubleshoot the issue.    

Backup Configuration:

 

Before taking any action, make sure a recent backup of the FortiGate configuration exists. This will help to quickly restore the device to its previous state in case of a failure.


Check Disk Health:  

 

Some FortiGate devices have built-in tools to check the health of the storage devices. Disk health information may be available in the device's web-based management interface. If there are options to check disk status or health, use them to gather more information.

 

Replace the Failing Disk:

If the device is still under warranty or support, Fortinet may send a replacement disk. Follow the instructions provided by Fortinet or the support team to replace the failing disk with a new one.


Follow the steps below to troubleshoot, back up the logs, and perform a low-level format for specific unit models.

 

  1. Verify whether the FortiGate device has an available Disk by running the following command on the CLI of the FortiGate:

get system status

Version: Fortigate-800 3.00,build0744,090630

Virus-DB: 8.00631(2008-01-15 14:27)
IPS-DB: 2.00461(2008-01-18 11:23)
Serial-Number: FGT8003606500274
BIOS version: 04000001
Log hard disk: Available


If the 'get system status' output shows that the disk is 'Not Available', this indicates that no disk is present in the FortiGate and that the alert message is a discrepancy; a software version enhancement might be required.

  2. If a disk is available, collect the following output from the CLI:

    diagnose sys logdisk smart <-- Show log disk S.M.A.R.T. info; not available for NVME disk
    diagnose sys logdisk status <-- Display log disk status
    diagnose sys logdisk usage <-- Show log disk stats.

  3. It is advisable to back up the logs by running the following command on the CLI of the device. This can be performed either by FTP or TFTP:

    exec backup disk alllogs

    FTP     Backup all log files to FTP server.
    TFTP    Backup all log file(s) to TFTP server.
    USB     Backup all log files to USB.


  4. If a disk is present but unavailable and inactive, two options can be used to test the disk further and provide output that could justify an RMA of the device in the case of a faulty disk. The following command is only available for the ASM-S08 HDD module.

    diagnose sys logdisk test

 

A low-level format of the disk could also be performed. However, this will erase all logs from the disk. Refer to this article for the procedure to format the log disk.

If the disk is still in an inactive state after having performed the low-level format, then create a FortiCare Support Ticket for further assistance. Include all the information collected in steps 1 to 4 when creating the ticket.