Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
944
Views
0
Helpful
3
Replies

Alarm/Notification Storage Capacity Flow Collector

sandyma
Level 1
Level 1

‎04-02-2020 01:10 AM

Hello all,

 

I want to ask,

we can see the storage statistics in the Appliance Flow Collector menu, there is visible capacity in days, remainin days, bytes per day, I have also confirmed to the TAC that the data can be a reference / estimate when the storage capacity of this flow collector database will be full.

but is there any alarm / notification if the storage capacity is full in stealtwatch dashboard ?
I was only told that Stealwatch can be configured as a SNMP agent to do this.
but I have not yet received an answer about the alarm / notification when stealtwatch has the full storage capacity

Labels:
0 Helpful
3 Replies 3

kyoshiik
Cisco Employee
Cisco Employee

‎04-02-2020 07:58 PM

We can only see storage capacity in FC local Web UI(Top page).

And there is no function to alert it via snmp/syslog. However, we sometimes see "Current Alarms: Database Writes disabled due to low disk space" in Java UI(Desktop Client). This error is only triggered when disk rotation doesn't catch up writing volume and disk usage is over 80%. But in a normal environment, this error never be triggered because rotation function keeps available disk space under 80%. And we can configure this system alarm to export syslog in Java UI.

0 Helpful

sandyma
Level 1
Level 1
In response to kyoshiik

‎04-02-2020 09:19 PM

hello kyoshiik, Thanks for the explanation

And how about the disk lifecycle management?
for example the disk turns out to be full capactiry, and we don't see/notice by the alarm, will it delete the old file ? or what a stealtwatch disk management looks like
0 Helpful

kyoshiik
Cisco Employee
Cisco Employee
In response to sandyma

‎04-02-2020 11:26 PM

Stealthwatch delete old log when it reaches 80% of disk space. It’s crone job in every hours. Please check FC web UI top page and you can see current utilization of /lancope/var directory and its log storage space. FC web is only way to see it. No alarm function except my prior explanation.

0 Helpful
Customers Also Viewed These Support Documents