analystOps
New Contributor

FortiAnalyzer analytics logs exceeding the configured disk quota

Hi

 

FortiAnalyzer VM running on v7.0.3 is facing an issue related to analytics logs exceeding the configured disk quota.

 

It has been identified that one of our ADOMs is using more disk space for analytics usage than configured. In the Data Policy, Keep Logs for Analytics is 60 days and Keep Logs for Archive is 365 days. I have enabled the alert and Delete When Usage Reaches 80%.

 

How can I solve the following case, returning the analytics logs to the maximum configured size?

[Attached image: Analytics Usage.png]

3 REPLIES
Jean-Philippe_P
Moderator

Hello analystOps, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello again analystOps,

 

I found this solution. Can you tell me if it helps, please?

To address the issue of analytics logs exceeding the configured disk quota on your FortiAnalyzer VM running v7.0.3, follow these steps:

 

  1. Verify ADOM Quota Utilization:
    - Go to System Settings -> Storage Info and select the ADOM in question.
    - Check the utilization for both Analytics and Archive.

  2. Monitor Log Rate:
    - Use the CLI command `diagnose fortilogd lograte` to monitor the log rate per second.
    - Identify which devices are sending a high volume of logs using `diag fortilogd lograte-device`.

  3. Adjust Data Retention Policy: Consider reducing the "Keep Log for Analytics" period from 60 days to a lower value if feasible, to reduce storage usage.

  4. Enable Alerts and Automatic Deletion: Ensure that alerts and automatic deletion are configured correctly to trigger when usage reaches 80%.

  5. Optimize Log Handling:
    - Reduce unnecessary logs being sent to FortiAnalyzer by adjusting log settings on the devices.
    - Refer to the article on minimizing logging from FortiGate to FortiAnalyzer for guidance.

  6. Expand Disk Space: If possible, expand the disk space or allocate more space to the ADOM if the physical or virtual environment allows it.

  7. Review and Adjust Storage Allocation: In the ADOM edit interface, adjust the storage allocation between Analytics and Archive as needed.

 

By following these steps, you should be able to manage the disk space usage effectively and return the analytics logs to the maximum configured size.

Jean-Philippe - Fortinet Community Team