08-13-2021 07:56 AM
Hi Experts,
I need to configure an alert for disk space utilization on a SIEM tool, but when I get the syslog alarm, I see that there are multiple disks created, and each is mounted to a different directory.
I am presuming that the / or the root would be the aggregate of all the disks; if not, then which one is it?
Syslog output:
8-13-2021 20:13:55 Local6.Notice 10.1.250.81 Aug 13 20:13:54 dgise30 CISE_System_Statistics 0000000082 2 0 2021-08-13 20:13:54.829 +05:30 0000003855 70000 NOTICE System-Stats: ISE Utilization, ConfigVersionId=73, SysStatsUtilizationCpu=3.15%, SysStatsUtilizationNetwork=vethb6512ea: rcvd = 22850\; sent = 16613 \;rcvd_dropped = 0\; sent_dropped = 0, SysStatsUtilizationNetwork=br-d2d3f7d460a0: rcvd = 284088\; sent = 287877 \;rcvd_dropped = 0\; sent_dropped = 0, SysStatsUtilizationNetwork=veth0e0ea06: rcvd = 0\; sent = 0 \;rcvd_dropped = 0\; sent_dropped = 0, SysStatsUtilizationNetwork=veth035f28d: rcvd = 16613\; sent = 22850 \;rcvd_dropped = 0\; sent_dropped = 0, SysStatsUtilizationMemory=81.26%, SysStatsUtilizationDiskIO=1.33%, SysStatsUtilizationDiskSpace=15% /, SysStatsUtilizationDiskSpace=1% /tmp, SysStatsUtilizationDiskSpace=26% /opt, SysStatsUtilizationDiskSpace=14% /boot, SysStatsUtilizationDiskSpace=2% /storedconfig, AverageRadiusRequestLatency=0, AverageTacacsRequestLatency=0,
CLI output:
Internal filesystems:
/ : 15% used ( 2667220 of 19523408)
/dev : 0% used ( 0 of 8120500)
/dev/shm : 0% used ( 0 of 8131980)
/run : 1% used ( 2000 of 8131980)
/sys/fs/cgroup : 0% used ( 0 of 8131980)
/tmp : 1% used ( 7492 of 1983056)
/opt : 26% used ( 42526024 of 175446036)
/boot : 14% used ( 120392 of 991512)
/storedconfig : 2% used ( 1583 of 95054)
/run/user/440 : 0% used ( 0 of 1626400)
/opt/docker/runtime/overlay2/de385305a14897f48eaa48cb9a5a8c293c17b30422419fb812066c660f3ccc75/merged : 26% used ( 42526024 of 175446036)
/run/user/301 : 0% used ( 0 of 1626400)
/run/user/308 : 0% used ( 0 of 1626400)
/run/user/321 : 0% used ( 0 of 1626400)
/run/user/0 : 0% used ( 0 of 1626400)
/opt/docker/runtime/overlay2/37657ba040003566fa21fd95a24e47304e92be268402a72eccebc14c890264d6/merged : 26% used ( 42526024 of 175446036)
/opt/docker/runtime/overlay2/a3782682afafba69c1bd432f44eb348540c54a26c4cd2cfd52e3daec7b046355/merged : 26% used ( 42526024 of 175446036)
/opt/docker/runtime/overlay2/bd84fb3bca963df83ec69b4ccb664a6a1fe36b85523af0e7fdb5581e5d0c718e/merged : 26% used ( 42526024 of 175446036)
/run/user/323 : 0% used ( 0 of 1626400)
/run/user/322 : 0% used ( 0 of 1626400)
/run/user/304 : 0% used ( 0 of 1626400)
/run/user/300 : 0% used ( 0 of 1626400)
/opt/docker/runtime/overlay2/5b2c68ae0974c65cb03a3b937a97868e722f5708d1ff92b3aef340a86bfd8066/merged : 26% used ( 42526024 of 175446036)
/opt/docker/runtime/overlay2/1104b3ac1040e6fa68fb46058e12d3d0b63bd26fc4a62c3f5eb560fcd629c50c/merged : 26% used ( 42526024 of 175446036)
all internal filesystems have sufficient free space
08-13-2021 09:06 AM
Not sure what this device output is (or I may have missed something here).
df -h (gives you information) on what volume.
/ - not necessarily root (it all depends on how the HDD is partitioned, physical or logical HDD)
08-13-2021 06:30 PM
Hi @dgaikwad ,
You are able to check the disk via the show disk command:
ise/admin# show disk
Internal filesystems:
/ : 15% used ( 2667220 of 19523408)
/dev : 0% used ( 0 of 8120500)
...
/run : 1% used ( 2000 of 8131980)
...
/tmp : 1% used ( 7492 of 1983056)
/opt : 26% used ( 42526024 of 175446036)
/boot : 14% used ( 120392 of 991512)
/storedconfig : 2% used ( 1583 of 95054)
...
You are able to check more information about the disk via the show inventory command:
ise/admin# show inventory
...
Hard Disk Count(*): 1
Disk 0: Device Name: /dev/sda
Disk 0: Capacity: 644.20 GB
...
The /dev, /run, /tmp, /opt, /boot, /storedconfig and /root are directories of the ADE-OS that you don't have access to (only via root access).
Hope this helps !!!
08-14-2021 03:24 PM
> I am presuming that the / or the root would be the aggregate of all the disks if not then which one is it?
The / (or the root) is not the aggregate of all the disks. Rather, it is showing the file system mounted on that directory.
The output of the "show tech" command has a section like the one below, which gives us a better picture:
*****************************************
Checking Disk Space...
*****************************************
df -h output...
Filesystem Size Used Avail Use% Mounted on
...
/dev/sda3 25G 2.7G 21G 12% /
/dev/sda7 259G 38G 209G 16% /opt
/dev/sda4 93M 1.6M 85M 2% /storedconfig
/dev/sda6 1.9G 6.2M 1.8G 1% /tmp
/dev/sda2 969M 141M 763M 16% /boot
/dev/sda1 270M 6.8M 264M 3% /boot/efi
...
I would suggest monitoring /, /opt, and /tmp.
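
Added example, not part of the original thread and not Cisco code: a Python sketch of SIEM-side parsing for the syslog message in the question, where the `SysStatsUtilizationDiskSpace` key repeats once per filesystem, so each value has to be split into a percentage and a mount point before a per-mount alert can be evaluated. The 80% threshold and the function names are assumptions; the sample line is abbreviated from the question (network fields omitted).

```python
import re

# Abbreviated from the syslog message in the question (network fields omitted).
SAMPLE = (
    "Aug 13 20:13:54 dgise30 CISE_System_Statistics 0000000082 2 0 "
    "2021-08-13 20:13:54.829 +05:30 0000003855 70000 NOTICE System-Stats: "
    "ISE Utilization, ConfigVersionId=73, SysStatsUtilizationCpu=3.15%, "
    "SysStatsUtilizationMemory=81.26%, SysStatsUtilizationDiskIO=1.33%, "
    "SysStatsUtilizationDiskSpace=15% /, SysStatsUtilizationDiskSpace=1% /tmp, "
    "SysStatsUtilizationDiskSpace=26% /opt, SysStatsUtilizationDiskSpace=14% /boot, "
    "SysStatsUtilizationDiskSpace=2% /storedconfig, AverageRadiusRequestLatency=0, "
    "AverageTacacsRequestLatency=0,"
)

# The key repeats once per filesystem; the value is "<percent>% <mount point>".
DISK_RE = re.compile(r"SysStatsUtilizationDiskSpace=(\d+(?:\.\d+)?)%\s+(/[^,\s]*)")

MONITORED = ("/", "/opt", "/tmp")   # mounts suggested in the thread
THRESHOLD = 80.0                    # assumed alert threshold, tune per site


def parse_disk_space(message):
    """Return {mount_point: percent_used} for one CISE_System_Statistics message."""
    return {mount: float(pct) for pct, mount in DISK_RE.findall(message)}


def disk_alerts(message, monitored=MONITORED, threshold=THRESHOLD):
    """Return alert strings for monitored mounts at/above threshold or missing."""
    usage = parse_disk_space(message)
    if not usage:
        return []  # not a disk-stats message; nothing to evaluate
    alerts = []
    for mount in monitored:
        if mount not in usage:
            alerts.append(f"{mount}: no DiskSpace field in message")
        elif usage[mount] >= threshold:
            alerts.append(f"{mount}: {usage[mount]:.0f}% used (>= {threshold:.0f}%)")
    return alerts


if __name__ == "__main__":
    print(parse_disk_space(SAMPLE))
    print(disk_alerts(SAMPLE) or "all monitored filesystems below threshold")
    print(disk_alerts(SAMPLE.replace("=26% /opt", "=91% /opt")))
```

A monitored mount that is absent from an otherwise valid statistics message is reported as well, so a change in the message format does not silently disable the alert.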