Insight storage full

0

357 views
I have a Savvius insight that always reports that the storage is fill.  In Omnipeek I see 0Gb free out of 59 Gb.  In addition, This device will not longer capture to disk and the option is grayed out.


 
asked January 25, 2017 07:49 PM
By:
Keith McLaren

 

3 Answers

0
Best answer
 
At this point, go to the Forensics tab and then the Details tab at the bottom of the screen. Right-Click on all the captures and delete them. This will make sure that there are no more captures or files.
flag
answered January 27, 2017 08:37 AM
By: Jason Jacklich
There are no forensics captures to delete. I have removed all captures, logs, files from this system but the storage does not clear.
flag
Jan 27, 2017 08:41 AM
This may be a database corruption issue. Below are the instructions to reset it.: You must log into the Insight via SSH using Putty or the like: ID; root PW: wildpackets At the Linux command line enter each command individually. 1. service omnid stop 2. rm -rf /var/lib/omni/db/omni.db 3. service omnid start Once this is done, log back into the Insight and see if the Storage Space is back.
flag
Jan 27, 2017 09:13 AM
Sorry, The default password for the Insight units is "savvius".
flag
Jan 27, 2017 10:00 AM
Jason, this did not work but I found it!!! I did not find the omni.db in that location but found it in /var/lib/omni/data/omni.db. I delete this and it was recreated when I restarted the service. The problem did not go away though. However, when I was in /var/lib/omni/data/ i noticed that there are directories in there with names of captures that are long gone. I cleaned these up but no dice. <Continued>
flag
Jan 27, 2017 12:51 PM
Then I found that there is a directory called /var/lib/omni/data/statistics. I again found directory structures that contained large amounts of data from very old captures. I deleted these and the space it now 100% free. So the process I used was: service omnid stop cd /var/lib/omni/data/statistics ls -l <Identify the directories inside of statistics> rm -r "My Old Capture" <Do above for each directory> service omnid start
flag
Jan 27, 2017 12:52 PM
0
 
I have same issue says 89GB total 7 GB Available.  Space was used by previous traces and I have deleted all the files BUT still showed a Partition in Forensics\Storage tab. I deleted them also and still NO space recovered.
flag
answered January 27, 2017 07:06 AM
By: Chris Boron
deleted all Captures also and have 1 remaining with 1 GB allocated
flag
Jan 27, 2017 07:07 AM
This may be a database corruption issue. Below are the instructions to reset it.: You must log into the Insight via SSH using Putty or the like: ID; root PW: wildpackets At the Linux command line enter each command individually. 1. service omnid stop 2. rm -rf /var/lib/omni/db/omni.db 3. service omnid start Once this is done, log back into the Insight and see if the Storage Space is back.
flag
Jan 27, 2017 09:48 AM
Sorry, The default password for the Insight units is "savvius".
flag
Jan 27, 2017 10:00 AM
Name: Insight-023 Address: 192.168.1.110:6367 User: root Engine Type: Insight Version: 9.0.2 (build 9.0.2.20) Engine Local Time: 1/27/2017 10:18:22 Time Zone: GMT-05:00 Uptime: 14:57:08 Operating System: Ubuntu 12.04 LTS Memory: 7,974 MB Total Phys; 5,638 MB Avail Phys CPU Type: Intel(R) Atom(TM) CPU C2518 @ 1.74GHz CPU Count: 4 Capture Storage: |=================== | 89 GB Total; 7 GB Avail
flag
Jan 27, 2017 11:10 AM
@Chris Boron
AFTER DB CLEAR Name: Insight-023 Host Name: Insight-023 Address: 192.168.1.110:6367 User: root Engine Type: Insight Version: 9.2.2 (build 9.2.2.21) Engine Local Time: 1/27/2017 14:06:19 Time Zone: GMT-05:00 Uptime: 0:00:12 Operating System: Ubuntu 14.04 LTS Memory: 7,972 MB Total Phys; 6,311 MB Avail Phys CPU Type: Intel(R) Atom(TM) CPU C2518 @ 1.74GHz CPU Count: 4 Capture Storage: |====================| 59 GB Total; 0 GB Avail Seems i lost 30GB somewhere though
flag
Jan 27, 2017 11:11 AM
0
 
How many captures do you have configured?  By default, Insight has two monitoring captures.  If you configured an additional capture to disk, check the allocated space for that capture.  Allocated space will reserve disk space on the unit.  Only one CTD capture can be configured on Insight. 
flag
Edited Jan 26, 2017 08:47 AM
typo
answered January 26, 2017 08:46 AM
By: Savvius Team
I have removed all captures from this unit and the storage has not come back. With all captures deleted there is clearly not a CTD setup and yet I still cannot create a new CTD capture. It seems like something was left behind by a captures that was removed. Is there a way to clean this up?
flag
Jan 27, 2017 08:42 AM

Your answer


Preview
Contact Us Savvius Blog Follow Savvius on Twitter Like Savvius on Facebook Follow Savvius on LinkedIn Follow Savvius on YouTube Follow Savvius on Slideshare

Alert