Configuring Storage

FortiSIEM stores events in an event database. For a single-node deployment, the event database resides locally on the FortiSIEM node. For multi-node deployments, the event database resides either on an NFS server or on an Elasticsearch cluster. This section describes the steps to configure these storage options. This needs to be done when the system is set up for the first time.

  1. Go to ADMIN > Setup > Storage tab.
  2. In the Event Database dialog box, select the type of storage:

    | Storage type  | Settings        | Guidelines |
    |---------------|-----------------|------------|
    | Local Disk    | Disk Name       | [Required] Local disk name. During FortiSIEM installation, you can add a 'Local' data disk of appropriate size as the 4th disk. Use the command `fdisk -l` to find the disk name. |
    | NFS           | Mount Point     | [Required] NFS Mount Point |
    | NFS           | Server IP/Host  | [Required] IP address/Host name of the NFS server |
    | Elasticsearch | Cluster Name    | [Required] Name of the Elasticsearch Cluster |
    | Elasticsearch | Cluster IP/Host | [Required] IP address or DNS name of the Elasticsearch cluster Coordinating node |
    | Elasticsearch | HTTP Port       | [Required] HTTP port number |
    | Elasticsearch | Java Port       | [Required] Java port number |
    | Elasticsearch | Shards          | [Required] Number of shards |
    | Elasticsearch | Replicas        | [Required] Number of replicas |
    | Elasticsearch | User Name       | [Optional] User name |
    | Elasticsearch | Password        | [Optional] Password associated with the user |

  3. Click Test to test whether the parameters in Step 2 are correct.
    While the test runs, the Test button shows the progress and its label changes to Testing..Click to Stop. You can click the button at any time to stop the test.
  4. Click Save to save the changes.
    At this point the event database is properly set up.
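
The Local Disk guideline in Step 2 relies on reading the disk name out of `fdisk -l`. The following is an added example, not part of the FortiSIEM documentation, that parses that output to report the 4th disk and any disk that has no partitions yet. The function names and the sample output are constructed for illustration, and it assumes `fdisk -l` lists disks in the order they were attached.

```shell
#!/bin/sh
# Constructed sample of `fdisk -l` output (not captured from a real FortiSIEM node).
sample_fdisk_output() {
cat <<'EOF'
Disk /dev/sda: 25 GiB, 26843545600 bytes, 52428800 sectors
Device     Boot   Start      End  Sectors Size Id Type
/dev/sda1  *       2048  2099199  2097152   1G 83 Linux
/dev/sda2       2099200 52428799 50329600  24G 8e Linux LVM

Disk /dev/sdb: 100 GiB, 107374182400 bytes, 209715200 sectors
Device     Boot Start       End   Sectors  Size Id Type
/dev/sdb1        2048 209715199 209713152  100G 83 Linux

Disk /dev/sdc: 60 GiB, 64424509440 bytes, 125829120 sectors
Device     Boot Start       End   Sectors Size Id Type
/dev/sdc1        2048 125829119 125827072  60G 83 Linux

Disk /dev/sdd: 500 GiB, 536870912000 bytes, 1048576000 sectors

Disk /dev/mapper/vg-root: 20 GiB, 21474836480 bytes, 41943040 sectors
EOF
}

# Read `fdisk -l` text on stdin; print "<disk> <size in bytes> <partition count>"
# for each disk, skipping device-mapper volumes (they are not attachable disks).
list_disks() {
  awk '
    /^Disk \/dev\// {
      name = $2; sub(/:$/, "", name)
      if (name ~ /^\/dev\/mapper\// || name ~ /^\/dev\/dm-/) { cur = ""; next }
      cur = name; order[++n] = name; parts[name] = 0
      # The byte count is the field just before the word "bytes".
      for (i = 3; i <= NF; i++) if ($i ~ /^bytes/) size[name] = $(i - 1)
      next
    }
    # A partition row starts with the disk name plus a suffix, e.g. /dev/sda1.
    cur != "" && index($1, cur) == 1 && $1 != cur { parts[cur]++ }
    END { for (i = 1; i <= n; i++) print order[i], size[order[i]], parts[order[i]] }
  '
}

# Print the name of the Nth disk listed (N=4 for the data disk described above).
nth_disk() { list_disks | awk -v n="$1" 'NR == n { print $1 }'; }

# Print disks that carry no partitions, i.e. candidates for a freshly added disk.
unpartitioned_disks() { list_disks | awk '$3 == 0 { print $1 }'; }

# On a real node: fdisk -l 2>/dev/null | nth_disk 4
```

If the 4th disk and the unpartitioned disk are not the same device, check the disk sizes from `list_disks` against the size you added before entering a name in the Disk Name field.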

For more information about sizing, see the FortiSIEM Sizing Guide.