When you log in to the Secospace eLog, the dumped logs and latest reports of the Eudemon/USG firewall cannot be queried, and only certain online logs on the current day can be queried.
Log in to the Secospace eLog as the administrator, and then choose System Management > System Log. The message "Online Log storage space is low (at least 2048MB free space is needed), EudemonSession could not be stored" is displayed in the Query Result of System Log, as shown in the following figure.
Either of the following methods can be adopted to rectify this fault:
1. Re-divide the disk partitions according to the requirements of the Secospace eLog Installation Guide. With this method, you should re-install the Secospace eLog first. Before re-dividing the disk partitions, back up the original log data.
For how to divide disk partitions, refer to Partitioning Disks in the Secospace eLog Installation Guide.
2. Mount disk array cabinets to expand the storage space for online logs and dumped logs. With this method, you should configure the disk array cabinets.
For how to configure disk array cabinets, refer to Configuring a Disk Array Cabinet in the Secospace eLog Installation Guide.
For how to expand the storage space for online logs and dumped logs, refer to the case Expanding the Storage Space of the Log Collector.
The online logs and dumped logs of the Secospace eLog must be stored in different disk partitions, so that the storage space of online logs and dumped logs cannot be exhausted at the same time.

The cause of this fault is that, before the Secospace eLog was installed, disk partitions were not created on the server according to the requirements of the Secospace eLog Installation Guide, so online logs and dumped logs are stored in the same disk partition. After the disk space of online logs and dumped logs is exhausted at the same time, new logs cannot be received. As a result, the latest logs sent from the Eudemon/USG firewall are discarded, and the latest online logs and reports cannot be queried on the Secospace eLog.

Dumped logs are compressed before storage, so the Secospace eLog must first decompress them for a query. Because the disk space is exhausted, the dumped logs cannot be decompressed. As a result, the dumped logs cannot be queried.
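The two conditions behind this fault can be checked before firewall logs start being discarded. The following script is an added example, not part of the Secospace eLog or its documentation: it reports whether the online and dumped log directories share a partition and whether the online log store has less than the 2048 MB the message asks for. The directory paths are site-specific assumptions passed on the command line.

```python
"""Check the two storage conditions this case depends on (added example)."""
import os
import shutil
import sys

MIN_ONLINE_FREE_MB = 2048  # threshold quoted in the System Log message


def check_log_storage(online_dir, dumped_dir, min_free_mb=MIN_ONLINE_FREE_MB,
                      stat=os.stat, disk_usage=shutil.disk_usage):
    """Return a dict describing partition separation and free space.

    stat and disk_usage are injectable so the logic can be tested without
    touching real disks.
    """
    free_mb = {
        name: disk_usage(path).free // (1024 * 1024)
        for name, path in (("online", online_dir), ("dumped", dumped_dir))
    }
    return {
        # Equal st_dev values mean both directories sit on one partition,
        # so filling one store also fills the other.
        "same_partition": stat(online_dir).st_dev == stat(dumped_dir).st_dev,
        "online_free_mb": free_mb["online"],
        "dumped_free_mb": free_mb["dumped"],
        "online_below_threshold": free_mb["online"] < min_free_mb,
    }


def findings(result):
    """Turn a check result into human-readable findings (empty if healthy)."""
    out = []
    if result["same_partition"]:
        out.append("online and dumped logs share one partition")
    if result["online_below_threshold"]:
        out.append("online log free space is %d MB, below the required minimum"
                   % result["online_free_mb"])
    return out


if __name__ == "__main__":
    # Usage: python check_elog_storage.py <online_log_dir> <dumped_log_dir>
    # Both paths are assumptions; the case does not state where eLog stores logs.
    problems = findings(check_log_storage(sys.argv[1], sys.argv[2]))
    for p in problems:
        print("WARNING:", p)
    sys.exit(1 if problems else 0)
```

Run on a schedule, a non-zero exit status gives a warning before log loss begins, which matters because discarded firewall logs leave a gap in the audit trail that cannot be recovered afterwards.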