Technical Tip: How to configure logging to memory in FortiOS
Description
This article will explain how to enable logging by using either the GUI or the CLI.
Scope
FortiOS.
Solution
This article covers the steps required in order to enable and configure logging.
As a final step an example is shown of the CLI command that can be used to test this setup.
Enable logging to memory from GUI:
- Navigate to Log & Report -> Log Settings (if Virtual Domain is Enabled, this should be set under each VDOM).
- Select and set the options as per individual requests.
- Select Apply.
- Go to Log & Report -> Log Settings -> Threat Weight to select the Log Level from the list.
Enable logging to memory from the CLI:
config vdom
edit root
config log memory setting
set status enable
end
end
config vdom
edit root
config log memory filter
set severity information
end
end
Setup Event logging from GUI:
- Under Log & Report -> Log Settings (if Virtual Domain is Enabled, this should be set under each VDOM).
- Refer to Event Logging.
- Select Apply.
Set up event logging from the CLI:
config vdom
edit root
config log eventfilter
set event enable
set system enable
...
end
end
Logging Security Profile events from the GUI:
To be able to log the Security Events logs, the option should be enabled under each firewall policy, as seen:
To be able to log the Security Events logs, the option should be enabled under each firewall policy, as seen:
A new firewall policy should be created, selecting the Security Profiles necessary:
- Under Policy & Objects -> Firewall Policy -> Create New.
- Select and activate the Security Profiles.
- Refer to Logging Options and Activate the Log Allowed Traffic. Select at least the Security Events option.
Verification:
In order to generate log events for the settings, a CLI command can be used.
The CLI command (under each VDOM if enabled):
diagnose log test
When log settings have been correctly configured, test log messages should be shown under Log & Report -> Forward Traffic.
Related articles: