- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- System event Requested to trim database tables
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
System event Requested to trim database tables
I keep getting the following warning message about every 1 hours. "Requested to trim database tables older than 442days to enforce the auto-delete policy for Adom FortiAnalyzer."
Other information:
1) The system has only been running for about 40 days
2) this is analyzer v5.4.0-build1019 160217 (GA)
3) this is a VM running in AWS
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you help do a check for below config?
config system auto-delete config log-auto-deletion set status enable set value xx set when xx end end
and before upgrade to 5.4, is there old logs from old build?
Thanks
Simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I ran the following command
config system auto-delete config log-auto-deletion set status enable set value 400 set when month 12 end end
Yes there were old logs from 5.2 but not longer than 40 days. I just upgraded last week.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you provide "diag log device"?
by the way, "set when month 12" this seems not correct config, maybe "set when month"?
Thanks
Simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FAZVM64-AWS # diag log device
Device Name Device ID Used Space(logs / quarantine / content / IPS) Allocated Space Used%
43.1MB( 43.1MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 4.3%
J 45.3MB( 45.3MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 4.5%
51.9MB( 51.9MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 5.2%
Total: 3 log devices, used=140.3MB quota=2.9GB
AdomName AdomOID Type Logs Database
[Retention Quota UsedSpace(logs / quarantine / content / IPS) Used%] [Retention Quota Used Used%]
root 3 FGT 442days 14.0GB 140.3MB( 140.3MB/ 0.0KB/ 0.0KB/ 0.0KB) 1.0% 442days 21.0GB 1.9GB 9.2%
Total usage: 1 ADOMs, logs=140.3MB database=2.0GB(ADOMs usage:1.9GB + Internal Usage:111.4MB)
Total Quota Summary:
Total Quota Allocated Available Allocate%
63.7GB 35.0GB 28.7GB 54.9%
System Storage Summary:
Total Used Available Use%
78.7GB 7.2GB 71.5GB 9.2 %
Reserved space: 15.0GB (19.0% of total space).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is also the show from log-auto deletion
(log-auto-deletion)# show
config log-auto-deletion
set status enable
set value 400
set when months
end
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
your output looks a little weird, the log says for "to enforce the auto-delete policy for Adom FortiAnalyzer.", but output only has root ADOM and missing other default ADOMs (like FWB, FML etc)
event log is not triggered from auto delete config, but from ADOM policy config
can you help do a check for "diag dvm device list" and "daig dvm adom list"?
and this FAZVM AWS upgraded from which 5.2 build?
Thanks
Simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Data request below, I removed S/N/ IP and Names
Connected
FAZVM64-AWS # diagnose dvm adom list
There are currently 12 ADOMs:
OID STATE PRODUCT OSVER MR NAME MODE VPN MANAGEMENT IPS
107 enabled FAZ 5.0 2 FortiAnalyzer Normal Policy & Device VPNs N/A
111 enabled FCH 3.0 0 FortiCache Normal Policy & Device VPNs N/A
103 enabled FOC 5.0 2 FortiCarrier Normal Policy & Device VPNs N/A
113 enabled FCT 5.0 0 FortiClient Normal Policy & Device VPNs N/A
141 enabled FDD 4.0 1 FortiDDoS Normal Policy & Device VPNs N/A
105 enabled FML 5.0 0 FortiMail Normal Policy & Device VPNs N/A
116 enabled FMG 5.0 2 FortiManager Normal Policy & Device VPNs N/A
118 enabled FSA 2.0 0 FortiSandbox Normal Policy & Device VPNs N/A
109 enabled FWB 5.0 0 FortiWeb Normal Policy & Device VPNs N/A
114 enabled LOG 0.0 0 Syslog Normal Policy & Device VPNs N/A
102 enabled unknown 5.0 2 others Normal Policy & Device VPNs N/A
3 enabled FOS 5.0 2 root Normal Central VPN Console N/A
---End ADOM list---
FAZVM64-AWS # diag dvm device list
There are currently 3 devices/vdoms managed:
TYPE OID SN HA IP NAME ADOM IPS FIRMWARE
faz enabled 130 FXXXXX - XXXX POC 1 root N/A 5.0 MR4 (1011)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]
faz enabled 135 FWXXXX - 2XXX POC 2 root N/A 5.0 MR2 (711)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]
faz enabled 125 FXXXX- XXX POC 3 root N/A 5.0 MR2 (701)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]
---End device list---
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks, pls go to System settings - Dashboard - System information widget, enable "Administrative Domain" and then go to System settings - All ADOMs or Storage Info page, check what is the policy and quota config/usage for default "FortiAnalyzer" ADOM?
Thanks
Simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Related Posts
- ZTNA Virtual Host not working 468 Views
- Collect custom application logs to fotiSIEM 538 Views
- Error downloading license: Invalid serial number 5481 Views
- FG-100D show EXT2-fs error 6563 Views
- Analyzer can't finish rebuilding Log DB 7552 Views
Labels
-
FortiGate
6,613 -
FortiClient
1,317 -
5.2
801 -
5.4
639 -
FortiManager
572 -
FortiAnalyzer
417 -
6.0
416 -
5.6
362 -
FortiSwitch
339 -
FortiAP
337 -
FortiClient EMS
269 -
6.2
251 -
FortiMail
248 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
152 -
6.4
128 -
FortiNAC
108 -
FortiGuard
103 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
74 -
FortiToken
72 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
63 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
Firewall policy
26 -
SD-WAN
26 -
FortiConnect
24 -
High Availability
22 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiPortal
18 -
FortiAuthenticator
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.