FortiAnalyzer Retention Issue – Very Limited Analytics and Archive Logs Despite Long Uptime

ismailurek2 · ‎04-16-2025

Hello,

Our FortiAnalyzer has been running continuously for about 180 days, however:

- Analytics log is only 1 day,

- Archive log is kept for only 11 days.

- Disk occupancy is 85% (445 GB total available).

Our expectation was that these times would be much longer. No manual changes were made to the log retention settings.

I rebuilt FortiAnalyzer but then the day counts were updated as shown in the image below.

Best Regards,

İsmail Ürek

FortiAnalyzer

AEK · ‎04-16-2025

Hi Ismail

I see you need much more disk space than 445GB.

AEK

ismailurek2 · ‎04-16-2025

Hi @AEK,

Would this affect the number of days my archive and analytics logs are retained? There is still available disk space, and I should still be able to view historical archive and analytics logs, right?

Will I be able to see more archive and analytics logs if I increase the disk?

Best Regards,

İsmail Ürek

AEK · ‎04-17-2025

Hi Ismail

What is the amount of daily analytic logs?

If I understand well from the screenshot, the disk space is almost consumed, so the oldest logs are cleaned up in order to make space for today's logs.

AEK

Jeremy5385 · ‎04-18-2025

I had a similar issue a while back where I was asking why only a few days of logs for ~1,500Gb of storage. I ended up upping the CPU and memory quite a bit to fix the issue. I think the internal SQL database was staved and couldn't complete processing the logs. I would give this a try assuming you have the VM.

AEK · ‎04-19-2025

Than makes sense. Thanks for sharing, Jeremy.

AEK

FortiAnalyzer Retention Issue – Very Limited Analytics and Archive Logs Despite Long Uptime

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website