Created on 01-18-2023 09:44 PM Edited on 01-18-2023 09:45 PM By Anthony_E
This article describes that ClickHouse is a distributed database with replication capabilities.
FortiSIEM Supervisor and Worker software images include ClickHouse binaries.
The user does not need to install anything else.
It is possible to configure a ClickHouse cluster from the FortiSIEM GUI.
The problem is that those same binaries and folders are in FortiSIEM Collectors which grow and take up used space.
Those folders in the collectors need to be removed and the ClickHouse server on the Collector needs to be stopped to prevent space consumption.
go to the following path and delete the folders that are taking up space:
>/var/lib/clickhouse>/var/log/clickhouse-server
Stop the Clickhouse server from generating more log flow:
# systemctl disable clickhouse-server
