FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
alaxkar
Staff
Article Id 370821
Description This article describes how to delete events in bulk from EventDB to free up disk space and purge old, unnecessary data.
Scope FortiSIEM.
Solution

To manually delete outdated data from EventDB, remove all files under /data/eventdb/ whose modification time is older than X days. The commands below are run from a shell on the node that hosts /data/eventdb/.

 

Before deleting anything, list the files the command will match and check their ages and sizes. Replace <number of days> with the age threshold:

find /data/eventdb/ -type f -mtime +<number of days> -exec ls -lh {} \;

When the listing is what is expected, delete the same set of files:

find /data/eventdb/ -type f -mtime +<number of days> -exec rm -fv {} \;

For example, to list and then remove all event files older than 150 days, run:

find /data/eventdb/ -type f -mtime +150 -exec ls -lh {} \;

find /data/eventdb/ -type f -mtime +150 -exec rm -fv {} \;

Note

The example uses a threshold of 150 days; adjust it to the retention the deployment requires. Keep in mind that -mtime +N matches files whose last modification on disk is more than N full days ago: it tests the file's timestamp, not the timestamps of the events stored inside it.

  1. Take a backup of the virtual machine (VM) before running the delete command.

  2. Back up any event data that must be kept.

  3. Once the files are erased, the data cannot be recovered.
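The preview-then-purge procedure above as one rehearsable script. This is an added example, not code from the original article or from FortiSIEM. The EventDB root and the age threshold are parameters here (an assumption) so the script can be tried against a scratch directory before it is pointed at /data/eventdb/; the demo builds a constructed sample tree with one file backdated 200 days and one backdated 10 days, reports what a dry run would remove and how many bytes it would free, then deletes the matching files and the directories left empty. It relies on GNU find's -delete and -printf, which the Linux hosts FortiSIEM runs on provide.

```shell
#!/bin/sh
# Added example (not from the original article or FortiSIEM): rehearse a
# bulk purge of EventDB files older than a given number of days.
# ROOT and DAYS are parameters here (an assumption) so the script can be
# tested against a scratch directory before it is pointed at /data/eventdb/.
set -eu

# list_old_files ROOT DAYS: print every regular file under ROOT whose
# modification time is more than DAYS full days ago (the same test as the
# article's 'find ... -type f -mtime +DAYS').
list_old_files() {
    find "$1" -type f -mtime +"$2" -print
}

# count_old_files ROOT DAYS: number of files the purge would remove.
count_old_files() {
    list_old_files "$1" "$2" | wc -l | tr -d ' '
}

# size_old_files ROOT DAYS: total bytes the purge would free (GNU find -printf).
size_old_files() {
    find "$1" -type f -mtime +"$2" -printf '%s\n' | awk '{ total += $1 } END { print total + 0 }'
}

# purge_old_files ROOT DAYS: delete the matching files (same effect as
# '-exec rm -f {} \;' but without one rm process per file), then remove the
# directories left empty. Prints the number of files that remain under ROOT.
purge_old_files() {
    find "$1" -type f -mtime +"$2" -delete
    find "$1" -mindepth 1 -type d -empty -delete
    find "$1" -type f | wc -l | tr -d ' '
}

# make_fixture: constructed sample tree standing in for /data/eventdb/ (fake
# content, not real event data). One file is backdated 200 days, one 10 days.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/CUSTOMER_1/old" "$root/CUSTOMER_1/recent"
    printf 'old event data\n'   > "$root/CUSTOMER_1/old/events.db"
    printf 'fresh event data\n' > "$root/CUSTOMER_1/recent/events.db"
    touch -d '200 days ago' "$root/CUSTOMER_1/old/events.db"
    touch -d '10 days ago'  "$root/CUSTOMER_1/recent/events.db"
    echo "$root"
}

# Demo: dry run first, review the listing, then purge. Run with --demo.
if [ "${1:-}" = "--demo" ]; then
    root=$(make_fixture)
    echo "Dry run: files under $root older than 150 days"
    list_old_files "$root" 150
    echo "Would remove $(count_old_files "$root" 150) file(s), freeing $(size_old_files "$root" 150) bytes"
    remaining=$(purge_old_files "$root" 150)
    echo "Purge done; $remaining file(s) remain"
    rm -rf "$root"
fi
```

Against the constructed tree the dry run lists only the 200-day-old file, and after the purge the 10-day-old file is untouched while the emptied directory is gone. The same functions can be pointed at a real EventDB root, but the dry-run functions should always be run and reviewed first, and the backups described in the Note taken, before purge_old_files is called.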

 

For the supported, policy-based way to purge old events on a schedule, see the 'Retention Policies' documentation:

Creating Retention Policy