FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 191158

Description

Summary of Topic

To store events for a long time, the customer must have a large amount of disk space for event storage (eventdb in the Accelops VA). There are two ways to provide it.

  • The first and best way: the customer installs eventdb on a dedicated NFS server, such as NetApp. As an NFS mount point, the Accelops VA places no restriction on the size of the NFS volume, and the customer can add new disks to the NFS server without impacting the operation of the Accelops VA.
  • The customer can also provide a large amount of local storage. But the Accelops VA runs on VMware ESX, which has a 2TB disk size limitation: VMware ESX cannot recognize a hard disk (or RAID volume) larger than 2TB and cannot create virtual disks larger than 2TB.

This document explains how to support more than 2TB of disk in the Accelops VA. Be sure to communicate to the customer that, because all disks are striped together as software RAID 0, the failure of any one disk will leave the full file system unrecoverable. The customer has to accept this risk.

Assume:

  • Customer has a server with three disks (physical disks or VMDK): 1X160GB, 2X2TB

Goal:

  • Accelops VA will install on 160GB disk
  • Customer data will be stored on the two 2TB disks as one logical volume, 4TB in total

Steps

  • Set up ESX and add the three disks to the datastore. Name the 160GB disk LD01 and the other two LD02 and LD03
  • Refer to the Accelops VA installation document to import the VA on local datastore LD01
  • Add LD02 and LD03 as new virtual disks on ESX for the Accelops VA.
  • Start the Accelops VA and accept the license until the VMware console appears. Before doing any other configuration, finish the following steps to create a logical volume spanning LD02 and LD03.
    • Log in to the system with the root account; the default password is ProspectHills
    • Run "fdisk -l" and it displays the disk info as follows
        Disk /dev/sda: 42.9 GB, 42949672960 bytes
        255 heads, 63 sectors/track, 5221 cylinders
        Units = cylinders of 16065 * 512 = 8225280 bytes

           Device Boot      Start         End      Blocks   Id  System
        /dev/sda1   *           1          16      128488+  83  Linux
        /dev/sda2              17         799     6289447+  82  Linux swap / Solaris
        /dev/sda3             800        5221    35519715   83  Linux

        Disk /dev/sdb: 1946.1 GB, 1946135581696 bytes
        255 heads, 63 sectors/track, 236604 cylinders
        Units = cylinders of 16065 * 512 = 8225280 bytes

        Disk /dev/sdb doesn't contain a valid partition table

        Disk /dev/sdc: 1990.1 GB, 1990116046848 bytes
        255 heads, 63 sectors/track, 241951 cylinders
        Units = cylinders of 16065 * 512 = 8225280 bytes

        Disk /dev/sdc doesn't contain a valid partition table
  • Create physical volume: pvcreate /dev/sdb
    Physical volume "/dev/sdb" successfully created
  • Create physical volume: pvcreate /dev/sdc
    Physical volume "/dev/sdc" successfully created
  • Create volume group: vgcreate vg1 /dev/sdb /dev/sdc
    Volume group "vg1" successfully created
  • Run 'vgdisplay vg1 | grep "Total PE"'
    Total PE              938474
  • Create logical volume: lvcreate -n lg1 -l 938474 vg1
    Logical volume "lg1" created
  • Format logical volume lg1: mkfs /dev/vg1/lg1
    mke2fs 1.39 (29-May-2006)
      Filesystem label=
      OS type: Linux
      Block size=4096 (log=2)
      Fragment size=4096 (log=2)
      480509952 inodes, 960997376 blocks
      48049868 blocks (5.00%) reserved for the super user
      First data block=0
      Maximum filesystem blocks=4294967296
      29328 block groups
      32768 blocks per group, 32768 fragments per group
      16384 inodes per group
      Superblock backups stored on blocks:
            32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
            4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
            102400000, 214990848, 512000000, 550731776, 644972544
      Writing inode tables:  1350/29328
  • Exit the Linux console and go back to the VMware console, then continue following the Accelops VA installation document to finish the Accelops VA setup. Make sure you enter "/dev/vg1/lg1" when asked for the data mount point; the default is "/dev/sdb".
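
The LVM steps above, wrapped in a script with pre-flight checks so that pvcreate cannot be run against the wrong disk (for example the OS disk /dev/sda). This is an added example and not part of the Fortinet article; the device names, VG name vg1 and LV name lg1 are assumed from the article.

```shell
#!/bin/sh
# Added example, not from the Fortinet article: wraps the article's LVM steps
# in a script with pre-flight checks so pvcreate cannot be run against the wrong
# disk (e.g. the OS disk /dev/sda). Device and VG/LV names follow the article.
set -eu

# Return 0 only if $1 is an unmounted block device with no partitions and no
# filesystem/LVM signature. Matching "^$dev" in /proc/mounts also catches
# mounted partitions such as /dev/sda1 when $dev is /dev/sda.
preflight_disk() {
    dev="$1"
    [ -b "$dev" ] || { echo "$dev: not a block device" >&2; return 1; }
    if grep -q "^$dev" /proc/mounts; then
        echo "$dev: is mounted (or has a mounted partition)" >&2; return 1
    fi
    if fdisk -l "$dev" 2>/dev/null | grep -q "^$dev"; then
        echo "$dev: already has partitions" >&2; return 1
    fi
    if blkid "$dev" >/dev/null 2>&1; then
        echo "$dev: already carries a filesystem or PV signature" >&2; return 1
    fi
    return 0
}

# Parse the "Total PE" line of vgdisplay output (stdin) instead of reading it by eye.
total_pe() {
    awk '/Total PE/ { print $3 }'
}

# Build the article's layout: a PV on each data disk, one VG, one LV using every
# extent, then the same mkfs call the article uses. As the article warns, the
# resulting LV is not redundant: losing either disk loses the whole filesystem.
build_eventdb_lv() {
    vg="$1"; lv="$2"; shift 2
    for d in "$@"; do preflight_disk "$d"; done
    for d in "$@"; do pvcreate "$d"; done
    vgcreate "$vg" "$@"
    pe=$(vgdisplay "$vg" | total_pe)
    echo "$vg has $pe extents; allocating all of them to $lv"
    lvcreate -n "$lv" -l "$pe" "$vg"
    mkfs "/dev/$vg/$lv"
    lvdisplay "/dev/$vg/$lv"
}

# Run as root on the VA: sh build_eventdb.sh vg1 lg1 /dev/sdb /dev/sdc
if [ "$#" -ge 3 ]; then
    build_eventdb_lv "$@"
fi
```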

Version Application

All
