Using different ADOMs for different FortiOS versions is only relevant for the FortiManager features. In FAZ you can use 5.4 and 5.6 in the same ADOM, as there aren't major differences in terms of logging.
ADOMs in FortiAnalyzer only take care of the presentation of the data. Data will only be stored once.
We would like to migrate the machines to the new ADOM. Even if there are no major differences in terms of logging, I think it will be good practice.
What would be a good methodology to accomplish that?
We can enter the 5.6 ADOM settings (under System Settings -> All ADOMs) and click on add device. This will give me a list of devices that are currently on the 5.4 ADOM and I can add them, but I am not sure what will happen.
Will it remove them from the other ADOM?
Will it migrate the old logs?
As I said, we have a smaller disk for the 5.6 ADOM as it only had 1 device. Should we add another disk? Can we resize the current disk?
What kind of product and software version are you using? The FortiOS version in FortiAnalyzer should only apply if you have activated FortiManager features... Or do you have a FortiManager? A normal FortiAnalyzer should not bring a FortiOS version with its ADOMs.
- Yes the device will be removed from the other ADOM
- The storage demand will be recalculated; there are no physical movements of the logs... and there are no disks/ADOM
- You will just have to set your ADOM storage limits accordingly after moving.
When you move a device into a different ADOM, the archive (compressed) logs are migrated to that ADOM, but the analytics (indexed) logs do not migrate.
As such, you need to rebuild the ADOMs to move the analytics logs into the new ADOM and delete them from the old ADOM.
Before you move a device out of an ADOM, there is some information of which you should first be aware:
The disk quota set on the current ADOM (System Settings > All ADOMs)
Since disk quota is set per ADOM and not per device, you do not necessarily need to match the disk quota from the current ADOM to the new ADOM, because the new ADOM may contain fewer devices than the current one, for example. However, you do need to ensure your new ADOM will have enough space for the device you are moving into it.
The volume of logs (System Settings > Storage Info or # diagnose log device)
Although disk quota is set per ADOM, it is important to know the actual log volume associated with the device you are moving. You need to ensure the new ADOM, at minimum, has enough space to move the device's current logs. You will still need to select a disk quota with future logs in mind though.
Assuming you want the old logs (analytics logs) in the new ADOM so you can run reports against them, and no longer want to see the device logs in the old ADOM, you need to rebuild the new ADOM database and the old ADOM database.
Execute the following command to rebuild the two ADOMs and transfer the analytics logs.
# execute sql-local rebuild-adom NEW_ADOM OLD_ADOM
Running this command before and after the rebuild should show you the usage changes: