Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
calvinc97
Staff & Editor
Staff & Editor

Created on ‎03-25-2024 11:15 PM Edited on ‎09-19-2025 02:49 AM By Community Manager

Article Id 306545

Troubleshooting Tip: CMDB partition reaching full storage in FortiSIEM

Description This article describes how to troubleshoot the CMDB partition is reaching full storage in FortiSIEM.
Scope FortiSIEM v6.x+.
Solution

When the CMDB partition is almost full, use the command '#df -h'.

Use the command below to check which table is occupying a large space in CMDB.

  • List and identify tables or old tables that can be removed to save space:


SSH root as supervisor
psql -U phoenix -d phoenixdb


SELECT nspname || '.' || relname AS "relation", pg_size_pretty(pg_total_relation_size(C.oid)) AS "total_size" FROM pg_class C LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace) WHERE nspname NOT IN ('pg_catalog', 'information_schema') AND C.relkind <> 'i' AND nspname !~ '^pg_toast' ORDER BY pg_total_relation_size(C.oid) DESC LIMIT 20;

# Check which tables are occupying more space 
# The tables names which contains cumulative_score can be removed to free up some space.
\q

 

Alternatively, using the commands below can also assist in checking the size of large directories in CMDB:


du --max-depth=3 -xh /cmdb | sort -hr | head -n 20

 

The best practice for preventing the CMDB partition from reaching full is to increase the CMDB disk extension.

Perform the following steps to increase the CMDB under the current disk size. It is recommended to add at least 100G to the existing size.

Identify the following disk size by using the command 'lsblk'.

 

The following is an example of increasing the CMDB of the disk size in my lab environment.

 

  1. Go to the Hypervisor and increase the size of /cmdb disk.
  2. '# ssh' into the supervisor as root.

 

lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
...
sde 8:64 0 60G 0 disk << old size
└─sde1 8:65 0 60G 0 part /cmdb
...
yum -y install cloud-utils-growpart gdisk
 # growpart /dev/sde 1
CHANGED: partition=2 start=50782208 old: size=144529408 end=195311616 new: size=473505759 end=524287967
lsblk

Changed the size to 220GB for example:
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
...
sde 8:16 0 220G 0 disk <<< NOTE the new size for the disk in /cmdb
└─sde1 8:65 0 220G 0 part /cmdb
...

xfs_growfs /dev/sde1

meta-data=/dev/sde1 isize=512 agcount=4, agsize=4516544 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1
data = bsize=4096 blocks=18066176, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=8821, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 18066176 to 59188219

df -hz

Filesystem Size Used Avail Use% Mounted on
...
/dev/sde1 226G 6.1G 220G 3% / << NOTE the new disk size
Labels:
2646
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.