|
First and foremost, use the status command to print out the Inode Usage percentage statistics (along with other useful system information:
FortiSandbox> status
System:
Version: v4.4.3-build0380 (GA)
Serial Number: FSAVM0XXXXXXXXXX
FSA-VM License: Valid
System Time: Fri May 31 09:51:53 2024 PDT
HDD Data Disk:
Used: 240 GB
Inode Usage: 100.00%
File System Size: 392 GB
File System Check: Clean
Boot Disk:
File System Check: Clean
Image Status Check: OK
Windows VM: Initialized
VM Internet Access: On
FortiSandbox>
Inode Usage is reported on the FortiSandbox as a percentage statistic of the total number of inodes available to be allocated. As a primer, an inode is a filesystem data structure that stores metadata about a file (i.e. for each data file there is a corresponding inode that contains metadata about that file).
On the FortiSandbox, Inode Usage correlates with the number of files/jobs that are stored on-disk, though it is important to note that the size of the file has no relation to the number of inodes utilized (i.e. one large file uses one inode, and one tiny file also only uses one inode).
Note: Generally speaking, relatively-high Inode Usage is considered to be around 70% or greater. Refer to the section below regarding known-issues related to high Inode Usage.
Known Issues regarding Inode Usage:
There is a Critical Known Issue in FortiSandbox 4.4.3 through 4.4.0 where Inode Usage can become extremely high when the system is handling a high number of small scanning jobs (e.g. millions of small jobs consuming a high number of inodes). If Inode Usage becomes too high then static analysis may hang and the FortiSandbox may become unreachable via the Web GUI.
The above issue is tracked by Issue IDs #973247 and #974250, as well as #974392, and these issues have been resolved in FortiSandbox 4.4.4 and later (with improvements being made to how quickly/efficiently FortiSandbox handles job cleanup). See also:
Managing Inode Usage:
However, it is important to note that Inode Usage is dependent on multiple factors, including:
- The total number of inodes available.
- The rate of inode consumption (i.e. the job allocation rate).
- The rate of inode freeing (e.g. deleting old jobs/files to make room for new entries).
For example, the total number of inodes available in the filesystem derived from the size the disk storage, with the general logic being X number of bytes == one inode. As a point of reference, the EXT3 filesystem generally has 1x inode per 256bytes of storage, and so increasing the size of the disk storage on the FortiSandbox (followed by running the resize-hd command and rebooting) can increase the total number of available inodes. This means that there are still benefits to increasing the amount of disk storage allocated to the FortiSandbox even when the actual disk space utilization is relatively low.
For the rate of inode consumption, this is something that will have to be measured by the administrator since it is wholly dependent on the production environment utilization (i.e. increasing the number of jobs/scans produces a commensurate increase in inode usage).
Finally, when it comes to freeing inodes it is a good idea to follow the guidance of the FortiSandbox Best Practices documentation. In particular, the section on Maintaining Storage Integrity has guidance on changing the period at which job deletion is executed.
As a last resort, it is possible to use the cleandb command on FortiSandbox to clean up/delete the internal database and job information (which can help if Inode Usage is seriously impacting FortiSandbox functionality.
|
