This article describes how to resolve disk warning alerts on FortiSIEM due to high disk usage on the /opt volume and provides a solution to identify and remove unnecessary files and increase disk space if needed.
Scope
FortiSIEM v7.x+.
Solution
To resolve disk warning alerts on FortiSIEM, follow these steps:
Check the disk usage on the /opt volume by running the command:
sudo du --max-depth=4 -xh /opt | sort -hr | head -n 30 <----- This will help identify the directories and files consuming the most disk space.
Investigate the /MachineLearning/ directory, as it may be filling up the /opt drive due to temporary files created by Machine Learning. Check if there are any Machine Learning jobs enabled in the FortiSIEM GUI by going to Resources -> Machine Learning Jobs.
If no Machine Learning jobs are enabled, it is safe to remove some of the files to increase disk space. Even though there is a cron job schedule in /etc/cron.d/fsm-crontab to run the phMLCacheCleaner.py, manual script running is possible with the command below:
