
Administration Guide

Creating ADOMs

ADOMs must be enabled, and you must be logged in as a super user administrator to create a new ADOM.

Consider the following when creating ADOMs:

  • The maximum number of ADOMs that can be created depends on the FortiAnalyzer model. For more information, see the FortiAnalyzer data sheet at https://www.fortinet.com/products/management/fortianalyzer.html.
    When the maximum number of ADOMs has been exceeded, an alert will be issued in the Alert Message Console in System Settings > Dashboard.
  • You must use an administrator account that is assigned the Super_User administrative profile.
  • You can add a device to only one ADOM. You cannot add a device to multiple ADOMs.
  • You cannot add FortiGate and FortiCarrier devices to the same ADOM. FortiCarrier devices are added to a specific, default FortiCarrier ADOM.
  • You can add one or more VDOMs from a FortiGate device to one ADOM. If you want to add individual VDOMs from a FortiGate device to different ADOMs, you must first enable advanced device mode. See ADOM device modes.
  • You can configure how an ADOM handles log files from its devices. For example, you can configure how much disk space an ADOM can use for logs, and then monitor how much of the allotted disk space is used. You can also specify how long to keep logs in the SQL database and how long to keep logs stored in compressed format.
To create an ADOM:
  1. Ensure that ADOMs are enabled. See Enabling and disabling the ADOM feature.
  2. Go to System Settings > ADOMs.
  3. Click Create New in the toolbar. The Create New ADOM pane is displayed.

  4. Configure the following settings, then click OK to create the ADOM.

    Name

    Type a name that allows you to distinguish this ADOM from your other ADOMs. ADOM names must be unique.

    Type

    Select the type of device that you are creating an ADOM for. The ADOM type cannot be edited.

    For Security Fabric ADOMs, select Fabric.

    Although you can create a different ADOM for each type of device, FortiAnalyzer does not enforce this setting.

    Time Zone

    Select the time zone for the ADOM.

    This time zone will be used when displaying data in Log View and FortiView.

    The Default time zone is the time zone set for the FortiAnalyzer. For more information, see Configuring the system time.

    DNS

    Select Use System DNS or specify a unique DNS server for the ADOM.

    When a unique DNS server is specified for the ADOM, all resolution of IP addresses to hostnames in the ADOM is sent to the specified DNS server instead of the system DNS server. This applies in Log View, FortiView, Reports, and so on.

    To configure the system DNS, see Configuring network interfaces.

    Devices

    Add a device or devices with the selected versions to the ADOM. The search field can be used to find specific devices. See Assigning devices to an ADOM.

    Data Policy

    Specify how long to keep logs in the indexed and compressed states.

    Keep Logs for Analytics

    Specify how long to keep logs in the indexed state.

    During the indexed state, logs are indexed in the SQL database for the specified amount of time. Information about the logs can be viewed in the FortiView, Incidents & Events, and Reports modules. After the specified length of time expires, Analytics logs are automatically purged from the SQL database.

    Keep Logs for Archive

    Specify how long to keep logs in the compressed state.

    During the compressed state, logs are stored in a compressed format on the FortiAnalyzer unit. When logs are in the compressed state, information about the log messages cannot be viewed in the FortiView, Incidents & Events, or Reports modules. After the specified length of time expires, Archive logs are automatically deleted from the FortiAnalyzer unit.

    Disk Utilization

    Specify how much disk space to use for logs.

    Maximum Allowed

    Specify the maximum amount of FortiAnalyzer disk space to use for logs, and select the unit of measure.

    The total available space on the FortiAnalyzer unit is shown.

    For more information about the maximum available space for each FortiAnalyzer unit, see Disk space allocation.

    Analytics : Archive

    Specify the percentage of the allotted space to use for Analytics and Archive logs.

    Analytics logs require more space than Archive logs. For example, a setting of 70% and 30% indicates that 70% of the allotted disk space will be used for Analytics logs, and 30% of the allotted space will be used for Archive logs. Select the Modify checkbox to change the setting.

    Alert and Delete When Usage Reaches

    Specify the data usage percentage at which an alert message is generated and logs are automatically deleted. The oldest Archive log files or Analytics database tables are deleted first.
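
A planned ADOM layout can be checked against the considerations listed above before anything is created in the GUI. The following is an added example, not Fortinet code: the plan layout, device names, and function names are hypothetical, and it assumes the Analytics : Archive percentages total 100.

```python
from collections import defaultdict

def validate_adom_plan(adoms, advanced_mode=False):
    """Return rule violations for a planned ADOM layout (empty list = consistent)."""
    errors = []
    names = [a["name"] for a in adoms]
    for dup in sorted({n for n in names if names.count(n) > 1}):
        errors.append(f"duplicate ADOM name: {dup}")
    placements = defaultdict(list)  # device -> [(ADOM name, VDOM or None), ...]
    for a in adoms:
        kinds = {m["kind"] for m in a["members"]}
        if {"FortiGate", "FortiCarrier"} <= kinds:
            errors.append(f"{a['name']}: FortiGate and FortiCarrier in the same ADOM")
        if sum(a["split"]) != 100:  # assumption: the two percentages total 100
            errors.append(f"{a['name']}: Analytics : Archive must total 100%")
        for m in a["members"]:
            placements[m["device"]].append((a["name"], m.get("vdom")))
    for device, seen in sorted(placements.items()):
        if len({adom for adom, _ in seen}) < 2:
            continue
        if not all(vdom for _, vdom in seen):
            errors.append(f"{device}: a device can be added to only one ADOM")
        elif not advanced_mode:
            errors.append(f"{device}: VDOMs in different ADOMs need advanced device mode")
    return errors

def quota_split_mb(max_allowed_mb, split):
    """Disk space (MB) for Analytics and Archive logs out of Maximum Allowed."""
    analytics, archive = split
    return max_allowed_mb * analytics // 100, max_allowed_mb * archive // 100

# Constructed sample plan; the dict layout and device names are hypothetical.
PLAN = [
    {"name": "branch", "split": (70, 30), "members": [
        {"device": "FGT-01", "kind": "FortiGate", "vdom": "root"},
        {"device": "FCR-01", "kind": "FortiCarrier"}]},
    {"name": "dmz", "split": (60, 30), "members": [
        {"device": "FGT-01", "kind": "FortiGate", "vdom": "dmz"}]},
]

if __name__ == "__main__":
    for problem in validate_adom_plan(PLAN):
        print(problem)
    print(quota_split_mb(51200, (70, 30)))
```

The sample plan is deliberately inconsistent so that each rule reports once; passing advanced_mode=True clears only the VDOM finding.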
