Created on 02-24-2010 05:41 AM Edited on 12-12-2024 06:53 AM By Stephen_G
Description
This article provides troubleshooting help that can be used if the 'Log disk failure is imminent' message is displayed on the Alert log of the FortiGate.
Scope
FortiGate, FortiProxy.
Solution
The FortiGate can sometimes display 'Log disk failure is imminent' in the alert console. This message generally indicates that FortiOS has detected a potential error with the SMART or NVME Disk on the FortiGate unit. This message can come in the General System Logs from where the log description will be 'Log disk failure imminent' with log id '0100022102'.
Sample Log:
date=2024-08-08 time=08:52:00 eventtime= 1675196379240018069 tz="-0900" logid="0100022102" type="event" subtype="system" level="critical" vd="root" logdesc="Log disk failure imminent" msg="Log disk failure is imminent, logs should be backed up"
The device has detected potential issues with the disk used for storing log data, and it has produced a warning that a disk failure is likely to occur soon. This is a critical issue as logs are essential for monitoring and troubleshooting network activities.
The following steps can be used to troubleshoot the issue.
Backup Configuration:
Before taking any action, ensure having a recent backup of your FortiGate configuration. This will help quickly to restore the device to its previous state in case of a failure.
Check Disk Health:
Some FortiGate devices have built-in tools to check the health of the storage devices. It is possible to find disk health information in the device''s web-based management interface. If there are options to check disk status or health, use them to gather more information.
Replace the Failing Disk:
If the device is still under warranty or support, Fortinet may send a replacement disk. Follow the instructions provided by Fortinet or the support team to replace the failing disk with a new one.
Follow the below steps for troubleshooting, backing up the logs, and performing a low-level format for specific unit models.
- Verify whether the FortiGate device has an available Disk by running the following command on the CLI of the FortiGate:
get system status
Version: Fortigate-800 3.00,build0744,090630
Virus-DB: 8.00631(2008-01-15 14:27)
IPS-DB: 2.00461(2008-01-18 11:23)
Serial-Number: FGT8003606500274
BIOS version: 04000001
Log hard disk: Available
If the 'get system status' output shows that the disk is 'Not Available', this would indicate there is no disk present in the FortiGate and that the alert message is indeed a discrepancy, and a software version enhancement might be required.
- If a disk is available then collect the following output from the CLI:
diagnose sys logdisk smart <-- Display log disk status
diagnose sys logdisk status <-- Show log disk S.M.A.R.T. info; not available for NVME disk
diagnose sys logdisk usage <-- Show log disk stats. - It would be advisable to perform a backup of the logs by running the following command on the CLI of the device. This can be performed either by FTP or TFTP:
exec backup disk alllogs
FTP
Backup all log files to FTP server.
TFTP
Backup all log file(s) to TFTP server.
USB
Backup all log files to USB.
- In the case where a disk is present but unavailable and inactive, to further test the disk, 2 options can be performed this will test the disk and provide output that could justify an RMA of the device in the case of a faulty disk. The following command is only available for ASM-S08 HDD module.
diagnose sys logdisk test
A low-level format of the disk could also be performed. However, this will erase all logs from the disk. Refer to this article for the procedure to format the log disk.
If the disk is still in an inactive state after having performed the low-level format, then create a FortiCare Support Ticket for further assistance. Include all the information collected in steps 1 to 4 when creating the ticket.