FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
calvinc97
Staff
Article Id 378248
Description This article describes how to troubleshoot the high disk utilization of /var/log/cyops/coredump in FortiSOAR.
Scope FortiSOAR.
Solution

A core dump is a file that gets automatically generated by the Linux kernel after a program crashes. This file contains the memory, register values, and the call stack of an application at the point of crashing.

 

First, list all the core dump files and their sizes by running the commands below:

 

cd /var/log/cyops/coredump
ls -lah
du -sh *

 

It is safe to remove all core crash dump files from the folder /var/log/cyops/coredump.

Note: Do not delete the folder - only delete files inside the folder.


The files will look like the following:

 

core-!usr!lib!jvm!java-11-openjdk-11.0.11.0.9-1.el7_9.x86_64!bin!java-sig6-user991-group988-pid1389-time1631026869

 

After deleting the core crash dump files, restart all FortiSOAR services using the command below:

 

csadm services --restart


Alternatively, it is also recommended to move the core crash dump files to a temporary location in another directory on the FortiSOAR system and delete them later.
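
The listing and move-aside steps above, written as a small POSIX shell helper. This is an added example, not Fortinet's code: the function names and the holding directory are hypothetical, and the parser assumes the dump file-name layout shown in the sample above.

```shell
#!/bin/sh
# Added example, not Fortinet code. Assumes the dump name layout shown above:
# core-<exe path, '!' for '/'>-sig<N>-user<U>-group<G>-pid<P>-time<T>

# list_cores DIR: one line per dump, "KiB|signal|pid|epoch|executable".
list_cores() (
    dir=${1:-/var/log/cyops/coredump}
    for f in "$dir"/core-*; do
        [ -f "$f" ] || continue          # skip directories and an unmatched glob
        name=${f##*/}
        kib=$(du -k "$f" | cut -f1)
        meta=$(printf '%s\n' "$name" | sed -n \
            's/^core-\(.*\)-sig\([0-9]*\)-user[0-9]*-group[0-9]*-pid\([0-9]*\)-time\([0-9]*\)$/\2|\3|\4|\1/p' |
            tr '!' '/')
        # A name that does not fit the layout is still listed, unparsed.
        printf '%s|%s\n' "$kib" "${meta:-?|?|?|$name}"
    done
)

# crash_counts DIR: "count executable sigN", most frequent crasher first.
crash_counts() (
    list_cores "$1" |
        awk -F'|' '{ n[$5 " sig" $2]++ } END { for (k in n) print n[k], k }' |
        sort -rn
)

# archive_cores SRC DEST: move the dump files (never the folder itself) into
# DEST. DEST is made owner-only because a dump holds the crashed process's
# memory. Prints how many files were moved.
archive_cores() (
    src=$1 dest=$2 moved=0
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1
    for f in "$src"/core-*; do
        [ -f "$f" ] || continue
        mv -- "$f" "$dest"/ && moved=$((moved + 1))
    done
    echo "$moved"
)
```
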

 

The last option to consider for resolving the high disk utilization of /var/log/cyops/coredump in FortiSOAR is extending the disk size of /var/log. For instructions, refer to the following document: Extending disk space in FortiSOAR.
