FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
This article describes how to clear all FortiSOAR logs, even though purging of workflow logs is configured in the following cases:
- The pgSQL database is full.
- PostgreSQL is unavailable due to no space.
- The purging of workflow logs gets hung and is not able to complete.
To resolve this issue, it is possible to clean all the workflow logs and then tune the logging levels on playbooks, such as changing the logging levels of heavy playbooks from ‘DEBUG’ to ‘INFO’.
Scope
All versions of FortiSOAR.
Solution
To clean all the workflow logs, do the following:
1) SSH to the FortiSOAR VM and log in as a root user.
2) Connect to the PostgreSQL database using the following command:
psql -U cyberpgsql -d sealab;
3) Run the following command:
truncate workflow_workflow cascade;
Important.
Running this command cleans the complete workflow execution history.
