To create a new ADOM, you must be logged in as a super user administrator.
Consider the following when creating ADOMs:
- The maximum number of ADOMs that can be created depends on the FortiAnalyzer model. For more information, see the FortiAnalyzer data sheet at https://www.fortinet.com/products/management/fortianalyzer.html.
When the maximum number of ADOMs has been exceeded, an alert will be issued in the Alert Message Console in System Settings > Dashboard.
- You must use an administrator account that is assigned the Super_User administrative profile.
- You can add a device to only one ADOM. You cannot add a device to multiple ADOMs.
- You cannot add FortiGate and FortiCarrier devices to the same ADOM. FortiCarrier devices are added to a specific, default FortiCarrier ADOM.
- You can add one or more VDOMs from a FortiGate device to one ADOM. If you want to add individual VDOMs from a FortiGate device to different ADOMs, you must first enable advanced device mode. See ADOM device modes.
- You can configure how an ADOM handles log files from its devices. For example, you can configure how much disk space an ADOM can use for logs, and then monitor how much of the allotted disk space is used. You can also specify how long to keep logs in the SQL database and how long to keep logs stored in compressed format.
To create an ADOM
- Ensure that ADOMs are enabled. See Enabling and disabling the ADOM feature.
- Go to System Settings > All ADOMs.
- Click Create New in the toolbar. The Create New ADOM pane is displayed.
- Configure the following settings, then click OK to create the ADOM.
Type a name that allows you to distinguish this ADOM from your other ADOMs. ADOM names must be unique.
Select the type of device that you are creating an ADOM for. The ADOM type cannot be edited.
For Security Fabric ADOMs, select Fabric.
Although you can create a different ADOM for each type of device, FortiAnalyzer does not enforce this setting.
Add a device or devices with the selected versions to the ADOM. The search field can be used to find specific devices. See Assigning devices to an ADOM.
Specify how long to keep logs in the indexed and compressed states.
Keep Logs for Analytics
Specify how long to keep logs in the indexed state.
During the indexed state, logs are indexed in the SQL database for the specified amount of time. Information about the logs can be viewed in the SOC > FortiView, Incidents & Events, and Reports modules. After the specified length of time expires, Analytics logs are automatically purged from the SQL database.
Keep Logs for Archive
Specify how long to keep logs in the compressed state.
During the compressed state, logs are stored in a compressed format on the FortiAnalyzer unit. When logs are in the compressed state, information about the log messages cannot be viewed in the SOC > FortiView, Incidents & Events, or Reports modules. After the specified length of time expires, Archive logs are automatically deleted from the FortiAnalyzer unit.
Specify how much disk space to use for logs.
Specify the maximum amount of FortiAnalyzer disk space to use for logs, and select the unit of measure.
The total available space on the FortiAnalyzer unit is shown.
For more information about the maximum available space for each FortiAnalyzer unit, see Disk space allocation.
Analytics : Archive
Specify the percentage of the allotted space to use for Analytics and Archive logs.
Analytics logs require more space than Archive logs. For example, a setting of 70% and 30% indicates that 70% of the allotted disk space will be used for Analytics logs, and 30% of the allotted space will be used for Archive logs. Select the Modify checkbox to change the setting.
Alert and Delete When Usage Reaches
Specify at what data usage percentage an alert messages will be generated and logs will be automatically deleted. The oldest Archive log files or Analytics database tables are deleted first.