FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
alaxkar
Staff
Article Id 370821
Description This article describes how to delete events in bulk from the EventDB database to free up space and purge old and unnecessary data.
Scope FortiSIEM.
Solution

To manually delete the outdated data from the event database, remove all files that are older than X days.

 

Before deleting anything, use this command to check what will be deleted (here, files older than 150 days):

find /data/eventdb/ -type f -mtime +150 -name '*' -exec ls -lh {} \;

To delete the files, run the same search with rm in place of ls:

find /data/eventdb/ -type f -mtime +<number of days> -name '*' -exec rm -rfv {} \;

For example, to remove all the data and events older than 150 days, run the following:

 

find /data/eventdb/ -type f -mtime +150 -name '*' -exec rm -rfv {} \;

Note: This example illustrates removing data that is older than 150 days. This number can be adjusted based on specific requirements.
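
The check-then-delete procedure above as a pair of shell functions, added here as an example (not part of the original article or of Fortinet's tooling). The function names and the EVENTDB_DIR variable are assumptions; the functions validate the day count, report the file count and total bytes before anything is removed, and use GNU find's -printf and -delete in place of -exec ls and -exec rm.

```shell
#!/usr/bin/env bash
# Added example: preview-then-purge helpers built on the article's find criteria.
# /data/eventdb is the path used in the article; EVENTDB_DIR and the function
# names below are hypothetical. Requires GNU find (-printf, -delete).

EVENTDB_DIR="${EVENTDB_DIR:-/data/eventdb}"

# Reject anything that is not a positive integer, and a missing directory,
# so a typo cannot turn into "-mtime +" with an empty or negative value.
check_args() {
    case "$1" in
        ''|*[!0-9]*) echo "days must be a positive integer" >&2; return 2 ;;
    esac
    [ "$1" -gt 0 ] || { echo "days must be greater than 0" >&2; return 2; }
    [ -d "$EVENTDB_DIR" ] || { echo "no such directory: $EVENTDB_DIR" >&2; return 2; }
}

# Dry run: print "<file count> <total bytes>" for files older than N days.
# Nothing is deleted. Only sizes are printed, so odd file names cannot
# distort the count.
preview_old_events() {
    check_args "$1" || return
    find "$EVENTDB_DIR" -type f -mtime +"$1" -printf '%s\n' |
        awk '{ n++; b += $1 } END { printf "%d %d\n", n, b }'
}

# Delete files older than N days and print how many were actually removed.
# -printf runs only after -delete succeeds, so failed deletions are not counted.
purge_old_events() {
    check_args "$1" || return
    find "$EVENTDB_DIR" -type f -mtime +"$1" -delete -printf '1\n' |
        awk 'END { print NR + 0 }'
}

# Typical use on the appliance (run preview first, compare, then purge):
#   preview_old_events 150
#   purge_old_events 150
```

Comparing the count printed by purge_old_events with the earlier preview_old_events output shows whether every listed file was removed.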
