Expand nsm disk on Forward node

[litsonRLSD]

Version

2.4.30

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Meets minimum requirements

CPU

4

RAM

36

Storage for /

166G

Storage for /nsm

335G

Network Traffic Collection

span port

Network Traffic Speeds

Less than 1Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

So, I am I have a distributed deployment, and apparently made my storage for my forward node too small. Is there a way to expand the nsm folder or is it better to just deploy another forward node to help handle the pcaps coming in?

Guidelines

• I have read the above statement and can confirm my post is relevant to Security Onion 2.4.

[dougburks]

Have you checked the docs?
https://docs.securityonion.net/en/2.4/new-disk.html

[litsonRLSD]

Well don't I feel stupid. Whoops, didn't see that there. Lee Itson, M.A.Ed. *District Technology Coordinator / RLHS Esports Director* School District of Random Lake phone: 920-447-3069 address: 605 Random Lake Road Random Lake, WI 53075 <https://www.google.com/maps/place/605+Random+Lake+Rd,+Random+Lake,+WI+53075> e-mail: ***@***.*** twitter: *Mission:* @the_IT_factor <https://twitter.com/the_it_factor> *Providing tomorrow's leaders with a distinct advantage.* If you need technical assistance, visit the RLSD Help Desk <https://rlsdit.sysaidit.com>

…

On Fri, Dec 1, 2023 at 1:26 PM Doug Burks ***@***.***> wrote: Have you checked the docs? https://docs.securityonion.net/en/2.4/new-disk.html — Reply to this email directly, view it on GitHub <#11911 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BBU6OVYYEWCWSFP6SUH2KHDYHIVMRAVCNFSM6AAAAABABRMCIWVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TOMZSHA3DM> . You are receiving this because you authored the thread.Message ID: <Security-Onion-Solutions/securityonion/repo-discussions/11911/comments/7732866 @github.com>

-- Confidentiality Notice:  This e-mail and any files attached to it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.  If you are not the intended recipient or the person responsible for delivery of the e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited.  If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it.  Thank you.