Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Travis
New Contributor

FortiAnalyzer VM Growing Disk Space

I was running out of disk space on my FortiAnalyzer VM, so my VM Admin doubled up the space.  I did a reboot and it did not see the increase, so I upgraded it to 5.0.10, and it still does not see the increase in space.  

 

What do I need to do for it to recognize the expanded disk space?

 

Thank all of you for any assistance!

 

Travis

Network Administrator Technical Consumer Products, Inc.

Network Administrator Technical Consumer Products, Inc.
3 Solutions
FortiAdam
Contributor II

Based on my experience with Fortinet support, you will need to reformat your disk for the FAZ to recognize the new space.  

 

It would be better to just add a second disk to your FAZ and then you can "extend" your disk space which basically just means the FAZ sees the two disks as one.  It would appear as though you can do this with up to 8 disks total.

 

If you have to format the disk you can so by running "execute format disk" but be aware of the repercussions.

 

If you want to extend your storage into a second disk:

1.  Verify LVM is started - "execute LVM start"

2.  See if second disk is recognized - "execute lvm info"

3.  Extend storage - "execute lvm extend diskXX"

4.  Rebuild DB after reboot "execute sql-local rebuild-db"

View solution in original post

brazz_FTNT

bhwong wrote:

Instead of adding a new disk, I increase the capacity of the existing disk. Is it possible to extend the existing disk capacity in FAZ?

 

+++++++++++++++++++++++++++++++++++++

Hello bhwong,

 

You need to format your disk , 

 

check  execute lvm info  on your FAZ 

if you increase the current disk,  the FMG/FAZ VM says the extra space cannot be used unless  format performs. 

 

I would suggest you go over these carefully: VM Installation Guide

 

Extending disk space in FortiAnalyzer VM / FortiManager VM

View solution in original post

brazz_FTNT

Hello bhwong, 

 

Thanks for the outputs. 

 

As you can see based  on the provided results:

I)FortiAnalyzer-VM # execute lvm info Disk1 : Used 31GB Disk2 : Used 178GB 209GB

 

II)FortiAnalyzer-VM # get system status Disk Usage : ... Total 196.73GB

III)FortiAnalyzer-VM # get system performance Hard Disk: Total: 206,285,496 KB --->206,285,496/(1024*1024)GB--->196.7291794GB~196.73GB

IV)FortiAnalyzer-VM # diagnose log device Total Quota Summary: Total Quota Allocated Available Allocate% 157.7GB 150.0GB 7.7GB 95.1%

System Storage Summary: Total Used Available Use% 196.7GB 36.2GB 160.6GB 18.4% Reserved space: 39.0GB (19.8% of total space).

 

 

Total Quota(This  is the one we use for our logs)=Total Storage Summary - Reserved Space =196.7GB-39.0GB=157.7GB

We have couple of points here:

(I) is showing the entire physical disk size. 

(II) , (III) , and (IV) (Total Storage) are showing same number. 

(IV) also shows us the Total Quota which is the one we can use for logging purposes. 

 

We can try adding another disk to this VM , let's say  for example another 50 GB for now. 

Let me know about the results. 

 

Cheers

View solution in original post

16 REPLIES 16
brazz_FTNT

Hello bhwong, 

 

If you do not mind, I would like to see the result of below commands first :

[ul]
  • get system status
  • get system performance
  • diagnose log device
  • diagnose hardware info
  • execute lvm info[/ul]

    Thanks 

  • bhwong

    Sure:

     

    FortiAnalyzer-VM # get system status Platform Type : FAZVM64 Platform Full Name : FortiAnalyzer-VM64 Version : v6.0.2-build0205 180813 (GA) Serial Number : FAZ-VM0000016459 BIOS version : 04000002 Hostname : FortiAnalyzer-VM Max Number of Admin Domains : 10000 Admin Domain Configuration : Disabled Branch Point : 0205 Release Version Information : GA Current Time : Tue Sep 25 09:41:57 MYT 2018 Daylight Time Saving : Yes Time Zone : (GMT+8:00) Kuala Lumpur, Singapore. x86-64 Applications : Yes Disk Usage : Free 160.57GB, Total 196.73GB File System : Ext4 License Status : Valid

    FortiAnalyzer-VM # get system performance CPU: Used: 3.72% Used(Excluded NICE): 3.72% %used %user %nice %sys %idle %iowait %irq %softirq CPU0 5.75 4.93 0.00 0.41 94.25 0.21 0.00 0.21 CPU1 2.47 1.65 0.00 0.62 97.53 0.21 0.00 0.00 Memory: Total: 6,133,980 KB Used: 3,158,976 KB 51.5% Hard Disk: Total: 206,285,496 KB Used: 27,413,948 KB 13.3% IOStat: tps r_tps w_tps r_kB/s w_kB/s queue wait_ms svc_ms %util sampling_sec 5.4 0.6 4.9 35.0 268.0 0.0 7.7 1.1 0.2 319149.21 Flash Disk: Total: 499,656 KB Used: 112,644 KB 22.5% IOStat: tps r_tps w_tps r_kB/s w_kB/s queue wait_ms svc_ms %util sampling_sec 0.0 0.0 0.0 0.0 0.0 0.0 8.2 2.2 0.0 319149.31

    FortiAnalyzer-VM # diagnose log device Device Name Device ID Used Space(logs / quarantine / content / IPS) Allocated Space Used% AQBAL_FG60D FGT60D4614031499 104.2MB( 104.2MB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a AQJC_FG100D FG100D3G15815482 419.3MB( 419.3MB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a AQLAV_FG80C FGT80C3913622196 193.4MB( 193.4MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 19.3% AQLI_80E FGT80E4Q17001413 1.0MB( 1.0MB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a AQPL_FG100D FG100D3G14815673 1.0MB( 1.0MB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a AqJB FG100D3G13814478 143.3MB( 143.3MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 14.3% DC_FG110D FGHA000907780240_CID 542.0MB( 542.0MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 54.2% |- HA cluster member: FG100D3G16808611 HQ_FG100D FG100D3G16808517 118.6MB( 118.6MB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a M1_100E FG100E4Q17021238 1.0MB( 1.0MB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a SFP_81E FGT81E4Q17000729 2.0MB( 2.0MB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a tacc_FG80C FGT80C3911615643 7.3MB( 7.3MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 0.7% Total: 11 log devices, used=1.5GB quota=3.9GB

    AdomName AdomOID Type Logs Database [Retention Quota UsedSpace(logs / quarantine / content / IPS) Used%] [Retention Quota Used Used%] root 3 FGT 1936days 60.0GB 1.5GB( 1.5GB/ 0.0KB/ 0.0KB/ 0.0KB) 2.5% 1676days 90.0GB 16.8GB 18.7% Total usage: 1 ADOMs, logs=1.5GB database=17.5GB(ADOMs usage:16.8GB + Internal Usage:768.7MB)

    Total Quota Summary: Total Quota Allocated Available Allocate% 157.7GB 150.0GB 7.7GB 95.1%

    System Storage Summary: Total Used Available Use% 196.7GB 36.2GB 160.6GB 18.4%

    Reserved space: 39.0GB (19.8% of total space).

    FortiAnalyzer-VM # diagnose hardware info

    ### CPU info processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 58 model name : Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz stepping : 0 microcode : 0x42c cpu MHz : 2800.000 cache size : 25600 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl tsc_reliable nonstop_tsc pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm arat bugs : cpu_meltdown spectre_v1 spectre_v2 bogomips : 5600.00 clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management:

    processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 58 model name : Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz stepping : 0 microcode : 0x42c cpu MHz : 2800.000 cache size : 25600 KB physical id : 2 siblings : 1 core id : 0 cpu cores : 1 apicid : 2 initial apicid : 2 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl tsc_reliable nonstop_tsc pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm arat bugs : cpu_meltdown spectre_v1 spectre_v2 bogomips : 5600.00 clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management:

    ### Memory info MemTotal: 4057444 kB MemFree: 188592 kB MemAvailable: 1737432 kB Buffers: 87964 kB Cached: 2310372 kB SwapCached: 44644 kB Active: 2202940 kB Inactive: 946096 kB Active(anon): 1132820 kB Inactive(anon): 552836 kB Active(file): 1070120 kB Inactive(file): 393260 kB Unevictable: 444872 kB Mlocked: 444872 kB SwapTotal: 2076536 kB SwapFree: 427832 kB Dirty: 1008 kB Writeback: 0 kB AnonPages: 1154144 kB Mapped: 913100 kB Shmem: 934928 kB Slab: 145972 kB SReclaimable: 115196 kB SUnreclaim: 30776 kB KernelStack: 5888 kB PageTables: 95784 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB CommitLimit: 4105256 kB Committed_AS: 21222260 kB VmallocTotal: 34359738367 kB VmallocUsed: 0 kB VmallocChunk: 0 kB DirectMap4k: 12224 kB DirectMap2M: 4182016 kB

    ### Disk info major minor #blocks name

    1 0 4096 ram0 1 1 4096 ram1 1 2 4096 ram2 1 3 4096 ram3 7 0 10240 loop0 8 0 8388608 sda 8 1 524288 sda1 8 16 31457280 sdb 8 17 31455238 sdb1 8 32 178257920 sdc 253 0 209707008 dm-0

    ### RAID info N/A

    ### System time local time: Tue Sep 25 09:41:22 2018 UTC time: Tue Sep 25 01:41:22 2018

    FortiAnalyzer-VM # execute lvm info LVM Status: OK

    Disk1 : Used 31GB Disk2 : Used 178GB Disk3 : Unavailable 0GB Disk4 : Unavailable 0GB Disk5 : Unavailable 0GB Disk6 : Unavailable 0GB Disk7 : Unavailable 0GB Disk8 : Unavailable 0GB Disk9 : Unavailable 0GB Disk10 : Unavailable 0GB Disk11 : Unavailable 0GB Disk12 : Unavailable 0GB Disk13 : Unavailable 0GB Disk14 : Unavailable 0GB Disk15 : Unavailable 0GB

    brazz_FTNT

    Hello bhwong, 

     

    Thanks for the outputs. 

     

    As you can see based  on the provided results:

    I)FortiAnalyzer-VM # execute lvm info Disk1 : Used 31GB Disk2 : Used 178GB 209GB

     

    II)FortiAnalyzer-VM # get system status Disk Usage : ... Total 196.73GB

    III)FortiAnalyzer-VM # get system performance Hard Disk: Total: 206,285,496 KB --->206,285,496/(1024*1024)GB--->196.7291794GB~196.73GB

    IV)FortiAnalyzer-VM # diagnose log device Total Quota Summary: Total Quota Allocated Available Allocate% 157.7GB 150.0GB 7.7GB 95.1%

    System Storage Summary: Total Used Available Use% 196.7GB 36.2GB 160.6GB 18.4% Reserved space: 39.0GB (19.8% of total space).

     

     

    Total Quota(This  is the one we use for our logs)=Total Storage Summary - Reserved Space =196.7GB-39.0GB=157.7GB

    We have couple of points here:

    (I) is showing the entire physical disk size. 

    (II) , (III) , and (IV) (Total Storage) are showing same number. 

    (IV) also shows us the Total Quota which is the one we can use for logging purposes. 

     

    We can try adding another disk to this VM , let's say  for example another 50 GB for now. 

    Let me know about the results. 

     

    Cheers

    bhwong

    I always assume the first 8GB disk was for the system usage, not the 30+GB that is for data storage. I have added another 50GB and got 196GB now, slightly lesser than expected.

     

    At the Device Log Settings, there is also a Roll log file when size exceeds 200MB. Should this be increased since there is 200GB available now? Or the main storage consumption isn't used by the logs but the analyser output?

    brazz_FTNT

    Hello bhwong,

     

    Thanks for the update. 

     

     

    I always assume the first 8GB disk was for the system usage, not the 30+GB that is for data storage. 

     

     

    Yes, actually ,  that is the case .

     

     

    The FortiAnalyzer VM requires at least two virtual hard disks. Before powering on the FortiAnalyzer VM, you must add at least one more virtual hard disk. The default hard drive, faz.vhd, contains the operating system. The second hard drive is used for logs.

     

    Please check (([link=https://docs.fortinet.com/uploaded/files/4365/FortiAnalyzer-VM-Install-Guide.pdf]To configure the virtual hard disk--->P{21}[/link])) for more info.

     

     

    Can I see the results of below now ?

     

    [ul]
  • get system status
  • get system performance
  • diagnose log device
  • execute lvm info[/ul]

     

     

     

     

     At the Device Log Settings, there is also a Roll log file when size exceeds 200MB. Should this be increased since there is 200GB available now? Or the main storage consumption isn't used by the logs but the analyser output?

    This is depends on what you are looking for. If you set it to lower size it will roll the log file in smaller size . I would say let's keep it as default for now.

     

    For more details on this I would encourage you to review this (([link=https://docs.fortinet.com/uploaded/files/4592/FortiAnalyzer-6.0.2-Administration-Guide.pdf]Roll logs when they reach a specific size--->P{188}[/link])).

     

    Thanks  

     

  • bhwong

    Thanks for the manuals. Unfortunately I don't have the luxury of time to read thru them in details.

     

    btw, I have only enable one network port. What is the purpose for having 4 network ports? 

     

    Attached is the output requested.

     

    brazz_FTNT

    Hello bhwing, 

    Thanks for your reply.

     

    btw, I have only enable one network port. What is the purpose for having 4 network ports? 

    It is actually depends on your network design, let's say you would like to have a dedicated management IP to your FAZ then you may configure another port on FortiAnalyzer as the logging interface. In that case,  you need to  assign specific IPv4 or IPv6 static routes to a different gateway, so that packets are delivered by a different route. 

     

     

    Also please make sure the extra space has been allocated to the ADOM. 

    Go to System Setting --->All ADOMs---> Select root--->edit--->Check the Disk Utilization

     

    Cheers

     

     

     

    Labels
    Top Kudoed Authors