Hi, everyone,
I would appreciate your assistance.
I have FORTIANALYZER version 6.4.10 divided into 4 ADOMS.
In the main ADOM, to which most of the organization's machines are associated (50 machines), I can see logs for up to 31 days.
In another ADOM, to which only 6 machines are associated, I define that I want to see logs of 31 days back and in practice it only shows me up to 4 days.
In terms of STORAGE INFO, I am shown the following data:
When I try to change the settings of the ALLOCATED DISK UTILIZATION it shows me the following error: although in practice from what I understand I have a maximum of 7.2TB free space.
I would be happy to help with this :)
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You have a total of 7.2TB storage, but you are trying to configure 8TB (8000 GB) and that's the reason for error. Also, as per the shared output the current usage is 6TB which means and there is possibility that the older logs are deleted by the system. Since your 4 days of logs itself is filling 6TB of storage, there is a high chance the older logs will be of similar size and the system deletes the oldest logs when the usage is ~95%,
first, thank you very much! @srajeswaran
so the solution is to add more disk to the VM machine?
I would suggest you to validate if the logs that you are getting is genuine or not.If the log rate is genuine, yes you will have to increase the storage.
Also, we can change the analytics:archive ratio (currently its 90:10), to may be 70:30 (default )
Hi, thanks again.
Another question please.. how/where can I change the total of the "Allocated Storage" of this specific ADOM?
You can do it from system settings. Edit the specific ADOM and change the values (Disk Utilization > Allocated - change this value).
I mean after I add more disk space, how can I specify it to the specific ADOM?
do I need to do a restart?
how can I edit the "Maximum Available"?
Thanks
You need to run "execute lvm extend" . Please refer to following article for more details - https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Extending-disk-space-in-FortiAnalyzer-...
Hi, I added 4T to the fortianalyzer.
I did everything according to the article that you sent me, and still, I can see logs for only 4 days..
is there something that I miss?
Can you check if there are files archived under "log view > Log Browse" ?
https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG-FAZ/2100_Log_view/0800_Log_browse/0000_Log_browse....
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1536 | |
1028 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.