I keep getting the following warning message about every 1 hours. "Requested to trim database tables older than 442days to enforce the auto-delete policy for Adom FortiAnalyzer."
Other information:
1) The system has only been running for about 40 days
2) this is analyzer v5.4.0-build1019 160217 (GA)
3) this is a VM running in AWS
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
can you help do a check for below config?
config system auto-delete config log-auto-deletion set status enable set value xx set when xx end end
and before upgrade to 5.4, is there old logs from old build?
Thanks
Simon
I ran the following command
config system auto-delete config log-auto-deletion set status enable set value 400 set when month 12 end end
Yes there were old logs from 5.2 but not longer than 40 days. I just upgraded last week.
can you provide "diag log device"?
by the way, "set when month 12" this seems not correct config, maybe "set when month"?
Thanks
Simon
FAZVM64-AWS # diag log device
Device Name Device ID Used Space(logs / quarantine / content / IPS) Allocated Space Used%
43.1MB( 43.1MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 4.3%
J 45.3MB( 45.3MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 4.5%
51.9MB( 51.9MB/ 0.0KB/ 0.0KB/ 0.0KB) 1000.0MB 5.2%
Total: 3 log devices, used=140.3MB quota=2.9GB
AdomName AdomOID Type Logs Database
[Retention Quota UsedSpace(logs / quarantine / content / IPS) Used%] [Retention Quota Used Used%]
root 3 FGT 442days 14.0GB 140.3MB( 140.3MB/ 0.0KB/ 0.0KB/ 0.0KB) 1.0% 442days 21.0GB 1.9GB 9.2%
Total usage: 1 ADOMs, logs=140.3MB database=2.0GB(ADOMs usage:1.9GB + Internal Usage:111.4MB)
Total Quota Summary:
Total Quota Allocated Available Allocate%
63.7GB 35.0GB 28.7GB 54.9%
System Storage Summary:
Total Used Available Use%
78.7GB 7.2GB 71.5GB 9.2 %
Reserved space: 15.0GB (19.0% of total space).
Here is also the show from log-auto deletion
(log-auto-deletion)# show
config log-auto-deletion
set status enable
set value 400
set when months
end
your output looks a little weird, the log says for "to enforce the auto-delete policy for Adom FortiAnalyzer.", but output only has root ADOM and missing other default ADOMs (like FWB, FML etc)
event log is not triggered from auto delete config, but from ADOM policy config
can you help do a check for "diag dvm device list" and "daig dvm adom list"?
and this FAZVM AWS upgraded from which 5.2 build?
Thanks
Simon
Data request below, I removed S/N/ IP and Names
Connected
FAZVM64-AWS # diagnose dvm adom list
There are currently 12 ADOMs:
OID STATE PRODUCT OSVER MR NAME MODE VPN MANAGEMENT IPS
107 enabled FAZ 5.0 2 FortiAnalyzer Normal Policy & Device VPNs N/A
111 enabled FCH 3.0 0 FortiCache Normal Policy & Device VPNs N/A
103 enabled FOC 5.0 2 FortiCarrier Normal Policy & Device VPNs N/A
113 enabled FCT 5.0 0 FortiClient Normal Policy & Device VPNs N/A
141 enabled FDD 4.0 1 FortiDDoS Normal Policy & Device VPNs N/A
105 enabled FML 5.0 0 FortiMail Normal Policy & Device VPNs N/A
116 enabled FMG 5.0 2 FortiManager Normal Policy & Device VPNs N/A
118 enabled FSA 2.0 0 FortiSandbox Normal Policy & Device VPNs N/A
109 enabled FWB 5.0 0 FortiWeb Normal Policy & Device VPNs N/A
114 enabled LOG 0.0 0 Syslog Normal Policy & Device VPNs N/A
102 enabled unknown 5.0 2 others Normal Policy & Device VPNs N/A
3 enabled FOS 5.0 2 root Normal Central VPN Console N/A
---End ADOM list---
FAZVM64-AWS # diag dvm device list
There are currently 3 devices/vdoms managed:
TYPE OID SN HA IP NAME ADOM IPS FIRMWARE
faz enabled 130 FXXXXX - XXXX POC 1 root N/A 5.0 MR4 (1011)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]
faz enabled 135 FWXXXX - 2XXX POC 2 root N/A 5.0 MR2 (711)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]
faz enabled 125 FXXXX- XXX POC 3 root N/A 5.0 MR2 (701)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]
---End device list---
thanks, pls go to System settings - Dashboard - System information widget, enable "Administrative Domain" and then go to System settings - All ADOMs or Storage Info page, check what is the policy and quota config/usage for default "FortiAnalyzer" ADOM?
Thanks
Simon
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.