Disk usage system notifications
IBM® QRadar® disk sentry monitors the /, /store, /storetmp, /transient, and /var/log partitions before the partitions reach a pre-defined usage threshold.
The following topics can help you identify and resolve common problems in your IBM QRadar deployment. The following table displays the host context system notifications that depend on the disk usage of each monitored partition.
| Notification | Description | Suggested action |
|---|---|---|
Disk Sentry: Disk Usage exceeded warning threshold. |
Disk usage is at 90% for a monitored partition. QRadar is not affected when the partition reaches this threshold. Continue to monitor your partition levels. | See Disk usage exceeded warning threshold. |
Disk Sentry: Disk Usage exceeded max threshold. |
Disk usage is at 95% for a monitored partition. QRadar data collection and search processes are shut down to protect the file system from reaching 100%. | See Disk usage exceeded max threshold. |
Disk sentry: System disk usage back to normal levels. |
After disk usage reaches a threshold of 95%, it must return to 92% before QRadar automatically restarts data collection and search processes. | To lower the disk usage threshold, manually remove data from the affected partitions. See Disk usage returned to normal. |