Configuring EventDB Based Deployment

This section covers the following topics:

EventDB Configuration Overview

 

EventDB requires a file location for storing events.

  • For all-in-one based deployments, you need to create a disk and enter that disk path in the GUI. (Case 1)

  • For hardware-based deployments, the disk is already created, and you need to enter specific information in the GUI. (Case 1)

  • For cluster-based installations using Workers, you must set up NFS and provide the mount point in the GUI. (Case 2)

You can set up separate Online and Archive EventDB, with separate file locations.

For managing Online and Archive event retention, see How EventDB Event Retention Works.

For information on Online event database usage, see Viewing Online Event Data Usage.

For information on Archive event database usage, see Viewing Archive Data.

Creating EventDB Online Storage

 

Case 1: If your deployment is on an all-in-one node or a hardware appliance, follow these steps:

  1. Go to ADMIN > Setup > Storage.

  2. Click Online, and from the Event Database drop-down list, select EventDB Local Disk.

  3. Enter the following information for Disk Name.

    1. Hardware appliances: enter “hardware”

    2. Software installs: enter the 4th or 5th disk name that you configured during FortiSIEM installation (refer to your specific Installation Guide in the FortiSIEM Document Library). Use the command fdisk -l to find the disk name.

  4. Click Test.

  5. If the test succeeds, click Deploy.

 

Case 2: If your deployment has Worker nodes, you must configure the event database on NFS. Make sure you have an NFS server set up, and then follow these steps:

  1. Go to ADMIN > Setup > Storage.

  2. Click Online, and from the Event Database drop-down list, select EventDB on NFS.

  3. Enter the following parameters:

    1. Server IP/Host: [Required] Select IP or Host and enter the IP address/Host name of the NFS server.

    2. Exported Directory: [Required] Enter the file path on the NFS Server which will be mounted.

  4. Click Test.

  5. If the test succeeds, click Deploy.

Creating EventDB Archive Storage

 

Follow these steps:

  1. Go to ADMIN > Setup > Storage.

  2. Click Archive, and select NFS.

  3. Enter the following parameters:

    1. IP/Host: [Required] Select IP or Host and enter the IP address/Host name of the NFS server.

    2. Exported Directory: [Required] Enter the file path on the NFS Server which will be mounted.

  4. Click Test.

  5. If the test succeeds, click Deploy.
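
A pre-check for the Server IP/Host and Exported Directory values entered in Case 2 and in the Archive steps above, as an added example that is not part of the FortiSIEM documentation: it reads the output of showmount -e and reports whether the directory is exported and whether the export is open to any client. The sample output, addresses and paths are constructed, and check_export is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not FortiSIEM code). Live use on a host with NFS client tools:
#   showmount -e <nfs-server> | check_export <exported-directory>

# check_export DIR   (reads `showmount -e` output on stdin)
# Prints a status word and returns:
#   0 RESTRICTED  DIR is exported to a named client list
#   1 MISSING     DIR is not in the server's export list
#   2 OPEN        DIR is exported to any client ("*" or "(everyone)")
check_export() {
    want="${1%/}"                 # ignore one trailing slash
    [ -n "$want" ] || want="/"
    awk -v want="$want" '
        NR == 1 && /^Export list for/ { next }   # skip the header line
        {
            path = $1
            if (path != "/") sub(/\/$/, "", path)
            if (path != want) next
            found = 1
            clients = ""
            for (i = 2; i <= NF; i++) clients = clients $i
            n = split(clients, c, ",")
            # Conservative assumption: no client list means unrestricted.
            if (n == 0) wide = 1
            for (i = 1; i <= n; i++)
                if (c[i] == "*" || c[i] == "(everyone)") wide = 1
        }
        END {
            if (!found) { print "MISSING"; exit 1 }
            if (wide)   { print "OPEN";    exit 2 }
            print "RESTRICTED"; exit 0
        }'
}

# Constructed sample of `showmount -e` output (not from a real server).
SAMPLE='Export list for 192.0.2.10:
/data/eventdb  192.0.2.21,192.0.2.22
/data/archive  *'

# Offline demonstration against the constructed sample.
for d in /data/eventdb /data/archive /data/other; do
    printf '%s: %s\n' "$d" "$(printf '%s\n' "$SAMPLE" | check_export "$d")"
done
```

A MISSING result means the Test button in the GUI has nothing to mount; an OPEN result means any host that can reach the NFS server can mount the event data, so restrict the export to the Supervisor and Worker addresses before deploying.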