FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 192752

Description

Summary of Topic

If you are running out of space on the local VM disk, you have a few options:

 

Solution Steps

1. Do nothing and allow AccelOps to purge the event data automatically.

Once AccelOps (AO) detects less than 10 GB of free space on /data, it automatically purges events, starting with the oldest data first. Purging stops once free space on /data exceeds 20 GB.
Note: purged events are completely deleted from the database and cannot be recovered.

 

2. Manually purge events.

Refer to the related KB article "How to purge, delete, remove, truncate events older than 'x' days".

Note: purged events are completely deleted from the database and cannot be recovered.

 

3. Increase the size of the local VM disk.

Note: VMware limits a single virtual disk to 2 TB.

If that is not enough, you can combine two 2 TB VMware disks into a 4 TB striped disk.

Refer to the related KB article "How to set up large local disk for AO-VA".

Refer to the related KB article "How to increase size of local VM disk" for instructions on how to move your data from the existing local disk to a larger local disk.


4.  Move your data store to an NFS disk.

This option bypasses the VMware disk size limitation. 

Refer to the related KB article "How to migrate data to NFS share".

 

5. Archive data.  This functionality is available via the Web UI.

Refer to the AccelOps User's Guide for more instructions.
 

Additional Information

1) AO has a system rule that monitors free event data storage. It triggers when less than 20 GB of space is available and generates an incident called "System Warning: Low Storage" with the description "Detects the free space of the file system containing the folder /data/eventdb used for storing events is lower than 20GB".

2) You can check disk space from an SSH session to the VA with the following command.
 
# df -h
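The two thresholds above (automatic purge below 10 GB, warning and end of purging at 20 GB) are easy to misread because purging, once started, continues until free space is back above 20 GB rather than stopping at 10 GB. The following script is an added example, not part of this KB article or of the AccelOps product: it reads the free space of the filesystem holding /data from POSIX `df -P -k` output and reports which state the appliance would be in. The function and variable names, and the sample `df` output used when /data is not present, are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the KB article): report the free space of the
# filesystem holding /data against the thresholds the article states.
#   purge   - below 10 GB: AO purges the oldest events automatically
#   warning - below 20 GB: the "System Warning: Low Storage" rule fires
#   ok      - more than 20 GB free
PURGE_GB=10
WARN_GB=20

# Constructed sample of `df -P -k /data` output (15 GB available), used only
# when the script runs on a host without a /data filesystem.
SAMPLE_DF='Filesystem     1024-blocks      Used Available Capacity Mounted on
/dev/sdb1        524288000 508559360  15728640       97% /data'

# free_gb_from_df "DF_OUTPUT": whole GB available, taken from the 4th column
# of the single data line that `df -P -k` prints after its header.
free_gb_from_df() {
    printf '%s\n' "$1" | awk 'NR == 2 { printf "%d\n", int($4 / 1048576) }'
}

# next_state FREE_GB PREV_STATE: models the hysteresis described in the
# article. Purging starts below 10 GB and keeps going until free space is
# above 20 GB; otherwise the rule warns below 20 GB.
next_state() {
    free="$1"
    prev="${2:-ok}"
    if [ "$free" -lt "$PURGE_GB" ]; then
        echo purge
    elif [ "$prev" = purge ] && [ "$free" -le "$WARN_GB" ]; then
        echo purge          # still purging: not yet back above 20 GB
    elif [ "$free" -lt "$WARN_GB" ]; then
        echo warning
    else
        echo ok
    fi
}

# Live check when /data exists, otherwise fall back to the constructed sample.
df_out=$(df -P -k /data 2>/dev/null) || df_out="$SAMPLE_DF"
free_now=$(free_gb_from_df "$df_out")
echo "free on /data: ${free_now} GB, state: $(next_state "$free_now" ok)"
```

Run it from the SSH session on the VA, or feed it saved `df` output when reviewing a collector offline. Feeding the previous state back into `next_state` on each poll is what reproduces the 10/20 GB hysteresis; a stateless comparison against 10 GB alone would report "warning" while AO is in fact still deleting events.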
 

Version Application

All


Related Articles

Technical Note: [Accelops KB] How to purge, delete, remove, truncate events older than 'x' days

Technical Note: [Accelops KB] How to set up large local disk for AO-VA

Technical Note: How to migrate data to NFS share - INTERNAL
