What happens if allotted disk space for FortiAnalyzer is full?
Uh oh. What happens when space runs out?
This is part of an ongoing series in cybersecurity foundations. Check the cyber 101 article tag index from time to time for more content.
FortiAnalyzer thrives on data. Data needs a place to live. So what happens when disk quotas fill up? That's easy:
- FortiAnalyzer generates an alert.
- By default, the oldest logs are overwritten (first in, first out).
That said, admins can instead force FortiAnalyzer to stop logging new data altogether, which keeps the old data in place. To do that, enter the following configuration:
# config system locallog disk setting
    set diskfull nolog
end
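The trade-off between the two behaviours is which part of the timeline survives once the quota is reached. The following is an added example, not code from this article or from Fortinet: a simplified Python model of the two policies run over constructed records. The names `simulate`, `window` and `SAMPLE`, and the fixed byte quota, are assumptions made for illustration.

```python
from collections import deque

def simulate(records, quota_bytes, diskfull="overwrite"):
    """Model of the two disk-full policies described above (not Fortinet code).

    records: iterable of (timestamp, size_bytes) in arrival order.
    Returns (retained, lost, alerted).
    """
    if diskfull not in ("overwrite", "nolog"):
        raise ValueError("diskfull must be 'overwrite' or 'nolog'")
    retained, lost, used, alerted = deque(), [], 0, False
    for ts, size in records:
        if size > quota_bytes:          # can never fit, under either policy
            lost.append(ts)
            alerted = True
            continue
        if used + size > quota_bytes:
            alerted = True              # quota reached: an alert is raised
            if diskfull == "nolog":
                lost.append(ts)         # new record is dropped, old data kept
                continue
            while used + size > quota_bytes:   # FIFO: evict oldest first
                old_ts, old_size = retained.popleft()
                lost.append(old_ts)
                used -= old_size
        retained.append((ts, size))
        used += size
    return list(retained), lost, alerted

def window(retained):
    """Oldest and newest timestamps still on disk, or None if empty."""
    return (retained[0][0], retained[-1][0]) if retained else None

# Constructed sample: one 100-byte record per minute, minutes 0..9, quota 500 bytes.
SAMPLE = [(minute, 100) for minute in range(10)]

if __name__ == "__main__":
    for policy in ("overwrite", "nolog"):
        kept, lost, alerted = simulate(SAMPLE, 500, policy)
        print(policy, "window:", window(kept), "lost:", lost, "alert:", alerted)
```

With the default behaviour the earliest records of an event are the ones that disappear; with `nolog` the most recent activity goes unrecorded until space is freed.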
For more information on this, please check out the following resources:
locallog | CLI Reference
Configuring Firewall for Log Roll Over when Disk Usage Exceeds 80%
How to configure the FortiGate for log rollover when the disk usage surpasses 80%. Scope: FortiGate. Solution: Resolution: Understanding Default Disk Usage: FortiGate systems reserve about 25% of disk space for system utilities and unforeseen quota overflows. As a result, only approximately 75% of the di…