Support Center > Search Results > SecureKnowledge Details
Threat Emulation inspection failure due to disk space shortage Technical Level
Symptoms
  • SmartView Tracker / SmartView Monitor shows alerts about disk space (e.g., as described in sk101149).

  • Files are neither sent for emulation, nor sent for Anti-Virus checks, even when free disk space is increased.

  • Output of the 'df -h' command on the Threat Emulation Gateway shows less than 20% of free space in the /var/log/ partition.

  • "Inspection failure - not enough free disk space, see sk92907" error in tracker logs
Cause

Free disk space is below the defined threshold in the log minimum space configuration. For R80.10, R77.30 and earlier versions, refer to sk124712.


Solution

Follow this action plan on the Threat Emulation Gateway:

  1. Delete unneeded files to free disk space

    Related solutions:

    In addition, you can check which large files can be deleted (e.g., old backup files, old log files, debug output files, SmartConsole installation files, etc.):

    [Expert@HostName:0]# find / -size +20000k -type f

    Note: Pay attention to the /etc/fw/log/ directory.

  2. Change the threshold of available disk space in the /var/log/ partition at which the Security Gateway should stop scanning files

    If there is enough free disk space, but still less than 20%:

    1. Connect with SmartDashboard to the Security Management Server / Domain Management Server.

    2. Go to the File menu - click on Database Revision Control... - create a revision snapshot.

      Note: Database Revision Control is not supported for VSX objects (sk65420).

      In addition, refer to:

    3. Close all SmartConsole windows (SmartDashboard, SmartView Tracker, SmartView Monitor, etc.).

    4. Connect with the GuiDBedit Tool to the Security Management Server / Domain Management Server.

    5. In the upper left pane, go to Table - Anti-Malware - antimalware_misc.

    6. In the upper right pane, click on TESettings_Default

    7. Press CTRL+F (or go to Search menu - Find) - paste stop_adding_files_to_queue_when_disk_space_falls_below - click on Find Next.

    8. In the lower pane, right-click on the stop_adding_files_to_queue_when_disk_space_falls_below - select Edit... - set the desired value - click on OK.

      Note: This value specifies at what percent of available disk space in /var/log/ the Security Gateway should stop scanning files.

    9. Save the changes: go to File menu - click on Save All.

    10. Close the GuiDBedit Tool.

    11. Connect with SmartDashboard to the Security Management Server / Domain Management Server.

    12. Install the Security and Threat Prevention policy onto the relevant Security Gateway / Cluster object.

  3. Increase the size of /var/log/ partition (if possible)

    Increasing partition sizes (i.e., /var/log/ partition) should be done using the LVM Manager per sk95566 - Managing partition sizes via LVM manager on Gaia OS.

    Note: The command set volume logs size <size in GB> is currently not recommended and should be avoided in this case.

 

Related solutions:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment