Hello All,
After upgrading the firewall and FortiAnalyzer to v5.0.9, we are facing issues with high CPU utilization, and the local disk usage is 90%. Please let me know what could be the reason.
Regards,
Sunil
Hello,
Did you rebuild the database on the FortiAnalyzer after the upgrade completed, and do you notice whether any new logs have appeared since the FortiGate finished its own upgrade?
It sounds like (whether Store-and-Forward or in Realtime) the FortiGate is caching logs locally it means to send to the FAZ, but the connection is currently down.
The best way to tell, if you don't have reliable transport of logs enabled, is to sniff for traffic between FGT and FAZ on 514/udp:
di sniff pack any "host w.x.y.z and host a.b.c.d and port 514 and proto 17" 4
- Replace w.x.y.z with the FGT IP
- Replace a.b.c.d with the FAZ IP
- Proto 17 is for UDP traffic only; proto 6 would mean TCP, or control traffic
Regards, Chris McMullan Fortinet Ottawa
I'm going to assume you have followed the recommended firmware upgrade path? If you read the firmware patch notes on some of the firmwares, they list caveats about possibly needing to reformat the log disk on certain FortiGate models (and/or between certain firmwares, like going from 4.0.x to 5.x). I know on some of the upgrades, there is a warning (in the patch notes) about FortiAnalyzer logging defaulting to store and upload -- you may want to change this to real time. Also, you may want to review some of the disk logging options, and specify the diskfull (overwrite) and upload delete options.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C