Description:
This article describes how, if the DLP fingerprint database is enabled via dlp fp-doc-source, the 'DLP database space alarm' warning log becomes visible once the database size exceeds the configured value (16MB by default). The detailed log message is: 'Out of space adding files to the DLP fingerprint database. Increase the database size, select a smaller set of files, or change the database mode'.
Scope: FortiGate DLP Fingerprint database.
Solution:
Not all FortiGate models support the DLP fingerprint database. Usually, models with a built-in hard disk support it and models without one do not. For detailed information, see this document.
There are a few ways to address this.
The default db-mode under 'config dlp settings' is stop-adding, which means that once the configured database size is reached, no more files can be added to the database. This default setting is usually preferred over the others, and the common practice is to increase the database size.
Below is an example using a FortiGate 61E to increase the database size from the default 16MB to 64MB. The default size is 16384KB (16MB) and the current database size is 16116KB. The current size is always slightly smaller than the configured maximum. Here, the database size actually required exceeds the configured size, so the warning log is shown.
diagnose test application dlpfingerprint 7
Another way to reach this conclusion is to check the file list with the command below. If not all of the files are listed, or the number of files in the list is lower than expected, the configured size is not large enough and should be increased. Alternatively, add one more file, run the refresh command, and see whether the new file name shows up in the list.
diagnose test application dlpfingerprint 3
Two things worth mentioning:
show
config dlp settings
end

show full
config dlp settings
    set storage-device ''
    set size 16 <- Default 16MB.
    set db-mode stop-adding
    set cache-mem-percent 2
    set chunk-size 2800
end
config dlp settings
    set size 64 <- Changed to 64MB.
end

diagnose test application dlpfingerprint 7
DB size 16116 kB. Maximum allowed is 65536 kB
After the size increase, consider refreshing the DB. It may take some time to refresh when the number of files is high.
diagnose test application dlpfingerprint 6
If the available disk space is limited, consider changing the db-mode setting. Note: 'config dlp settings' is available globally, whereas other settings are under specific VDOMs, such as root.
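The check described above (current size sitting just under the maximum, or the out-of-space message in the log) can be scripted against saved CLI output. This is an added example, not Fortinet code: the 2% headroom threshold, the function names, and the sample log line are assumptions, and the 'before' output line is constructed from the 16116KB and 16384KB figures given in this article.

```python
import re

# Line format of 'diagnose test application dlpfingerprint 7' as quoted in this article.
DIAG_RE = re.compile(r"DB size (\d+) kB\. Maximum allowed is (\d+) kB")
# Start of the warning-log message quoted in this article.
ALARM_TEXT = "Out of space adding files to the DLP fingerprint database"
# Assumption: less than 2% headroom is treated as "database effectively full".
FULL_HEADROOM_RATIO = 0.02

# Constructed from the article's figures (state before the size increase).
BEFORE = "DB size 16116 kB. Maximum allowed is 16384 kB"
# Output line shown in the article after 'set size 64'.
AFTER = "DB size 16116 kB. Maximum allowed is 65536 kB"
# Constructed sample log line; only the message text comes from the article.
SAMPLE_LOG = ['msg="' + ALARM_TEXT + '. Increase the database size, '
              'select a smaller set of files, or change the database mode"']


def parse_diag(text):
    """Return (used_kb, limit_kb) from saved diagnose output."""
    m = DIAG_RE.search(text)
    if m is None:
        raise ValueError("no 'DB size ... Maximum allowed ...' line found")
    return int(m.group(1)), int(m.group(2))


def assess(diag_text, log_lines=()):
    """Flag a fingerprint database that has hit, or is about to hit, its limit.

    log_lines should only cover the period since the last size change,
    otherwise an old alarm keeps the result at needs_action=True.
    """
    used, limit = parse_diag(diag_text)
    headroom = limit - used
    alarm = any(ALARM_TEXT in line for line in log_lines)
    near_limit = headroom < limit * FULL_HEADROOM_RATIO
    return {
        "used_kb": used,
        "limit_kb": limit,
        "headroom_kb": headroom,
        "alarm_logged": alarm,
        "needs_action": alarm or near_limit,
    }


if __name__ == "__main__":
    print("before:", assess(BEFORE, SAMPLE_LOG))
    print("after: ", assess(AFTER))
```

With stop-adding in effect, a needs_action result means new documents are no longer being fingerprinted, so DLP coverage is silently incomplete until the size is raised and the database refreshed.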
Copyright 2024 Fortinet, Inc. All Rights Reserved.