JianWu
Staff
Article Id 332201
Description

This article describes the 'DLP database space alarm' warning log. If the DLP fingerprint database is enabled via dlp fp-doc-source, this warning is logged once the size of the database exceeds the configured value (16MB by default). The detailed message in the log is shown below.

'Out of space adding files to the DLP fingerprint database. Increase the database size, select a smaller set of files, or change the database mode'.

Scope

FortiGate DLP Fingerprint database.

Solution

[Image: FGT-LogID32169-DLP database space alarm.PNG]

 

Not all FortiGate models support the DLP fingerprint database. Usually, models with a built-in hard disk support it and models without one do not. For detailed information, see this document.

 

There are a few ways to address this.

 

The default db-mode under 'config dlp settings' is stop-adding, which means that once the configured database size is reached, no more files can be added to the database. This default setting is usually preferred over the others. It is common practice to increase the database size.

 

Below is an example using a FortiGate 61E to increase the DB size from the default 16MB to 64MB. 16384KB (16MB) is the default size and the current DB size is 16116KB. The reported size will always be slightly smaller than the maximum allowed size defined: the DB size actually required exceeds the size defined here, so a warning log is shown.

 

diagnose test application dlpfingerprint 7
DB size 16116 kB. Maximum allowed is 16384 kB 

 

Another way to reach this conclusion is to check the file list with the command below. If not all of the files are seen, or the number of files listed is lower than expected, the size defined is not large enough and should be increased.

Alternatively, add one more file, run the refresh command, and see if the new file name shows up in the list.

 

diagnose test application dlpfingerprint 3

 

Two things worth mentioning:

  1. The entry index number may not be continuous and could be updated, so the number of entries matters more than the index number itself.
  2. On a smaller box (compare FortiGate 61E with FortiGate 501E, for example), the number of the entry may appear incomplete. This is a display issue.

 

config dlp settings                 <- Enter the DLP settings context first.

show
config dlp settings
end

show full
config dlp settings
    set storage-device ''
    set size 16                     <- Default 16MB.
    set db-mode stop-adding
    set cache-mem-percent 2
    set chunk-size 2800
end

set size 64                         <- Changed to 64MB.
end

diagnose test application dlpfingerprint 7

DB size 16116 kB.  Maximum allowed is 65536 kB

 

After the size increase, consider refreshing the DB. It may take some time to refresh when the number of files is high.

 

diagnose test application dlpfingerprint 6

 

If the available disk is limited, consider changing the db-mode setting.

Note: 'config dlp settings' is available globally, whereas other settings are under specific VDOMs, such as root.
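
The capacity check described above can be scripted. The following is an added example, not part of the original article or Fortinet code: it parses the output of 'diagnose test application dlpfingerprint 7' and looks for the alarm message in log lines. The function names, the 0.95 threshold and the simplified log line are assumptions made for illustration.

```python
import re

# Line printed by 'diagnose test application dlpfingerprint 7' (format as shown above).
DIAG_RE = re.compile(r"DB size\s+(\d+)\s*kB\.\s+Maximum allowed is\s+(\d+)\s*kB")
# Start of the 'DLP database space alarm' message quoted in the Description.
ALARM_TEXT = "Out of space adding files to the DLP fingerprint database"


def parse_db_usage(diag_output):
    """Return (used_kb, max_kb) from the diagnose output, or None if not found."""
    m = DIAG_RE.search(diag_output)
    return (int(m.group(1)), int(m.group(2))) if m else None


def assess(diag_output, log_lines=(), full_ratio=0.95):
    """Summarize fingerprint DB capacity.

    full_ratio is an assumed threshold, not a FortiOS value: in stop-adding
    mode a DB that ran out of space reports slightly less than the maximum,
    so "close to the limit" is treated as full.
    """
    alarm_seen = any(ALARM_TEXT in line for line in log_lines)
    usage = parse_db_usage(diag_output)
    if usage is None or usage[1] == 0:
        return {"state": "unknown", "alarm_seen": alarm_seen}
    used_kb, max_kb = usage
    ratio = used_kb / max_kb
    return {
        "state": "full" if ratio >= full_ratio else "ok",
        "used_kb": used_kb,
        "headroom_kb": max_kb - used_kb,
        "ratio": round(ratio, 4),
        "alarm_seen": alarm_seen,
    }


# Constructed sample input: the two diagnose outputs from this article and a
# simplified log line carrying the alarm message (not a full FortiGate log).
BEFORE = "DB size 16116 kB. Maximum allowed is 16384 kB"
AFTER = "DB size 16116 kB.  Maximum allowed is 65536 kB"
LOGS = ['logdesc="DLP database space alarm" msg="' + ALARM_TEXT + '."']

if __name__ == "__main__":
    print(assess(BEFORE, LOGS))
    print(assess(AFTER))
```

A 'full' state with the default stop-adding mode means newly added files are not being fingerprinted, so the size should be raised and the DB refreshed as described above.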
