JohnDevNet_FTNT
Staff
August 3, 2017

Technical Tip: Prevent a log from being generated


Description


This article explains how to prevent a FortiGate from generating specific logs when the requirement is not to store them.



The example uses logs stored in memory, but the same method works for logs stored on disk.


Scope


Confirm that logging to memory is enabled:

show full log memory setting
config log memory setting
    set status enable
    set diskfull overwrite
end


Solution

 

From FortiOS v7.0 onwards, free-style log filtering is available, which gives more filtering capability.

 

config log memory filter
    config free-style
        edit 1
            set category {event | virus | webfilter | attack | spam | anomaly | voip | dlp | app-ctrl | waf | gtp | dns | ssh | ssl | file-filter | icap}
            set filter <string>
            set filter-type include
        next
    end
end

 

The filter string can be any legal free-style filter expression, for example: ((srcip 172.16.1.1) or (dstip 172.16.1.2)) and (dstport 80 443 50-60).

 

For example, to filter out the following log stored on disk:

 

date=2025-05-15 time=08:45:18 eventtime=1747269918986137536 tz="+0800" logid="0100041001" type="event" subtype="system" level="critical" vd="root" logdesc="FortiGate update failed" status="update" msg="Fortigate update failed for no fds allowed.

 

Configure the following filter to exclude logs matching logid 0100041001:

 

config log disk filter
    config free-style
        edit 1
            set category event
            set filter "logid 0100041001"
            set filter-type exclude
        next
    end
end

 

It is also possible to configure a filter for the other logging types:

config log <type> filter

where <type> can be disk, memory, syslogd*, or tacacs+accounting*.

 

Note: * indicates that the filter can be configured for multiple devices, such as syslogd2 and syslogd3.

 

For more information on free-style filters, see:

Using syslog free-style filters

Configuring advanced syslog free-style filters


By default, no filter is applied and the log severity level is information. The severity levels, from most to least severe, are:

  1. emergency
  2. alert
  3. critical
  4. error
  5. warning
  6. notification
  7. information
  8. debug

 

# show full
config log memory filter
    set severity information
    set forward-traffic enable
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set anomaly enable
    set voip enable
    set filter ''
    set filter-type include
end
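An added example, not from this article and not FortiOS code: a small Python model of the filter chain the article configures, run over constructed sample log lines. It covers both the free-style filter (the example expression above and the logid 0100041001 exclude entry) and the severity threshold shown in the show full output. The expression grammar it accepts (and, or, not, parentheses, a field name followed by one or more values, with lo-hi numeric ranges) is my reading of the free-style syntax described in the linked Fortinet documents; CIDR matching and the combination of several free-style entries are not modelled, and every logid other than 0100041001 is a constructed placeholder. Since an exclude entry drops a log before it is stored, running a candidate expression against sample lines like this is a cheap way to confirm it matches only the logs intended.

```python
import re

# Severity levels in FortiOS order, most severe first (the list in the article).
SEVERITY = ["emergency", "alert", "critical", "error", "warning",
            "notification", "information", "debug"]

# Constructed sample log lines in FortiGate key=value format (not real device output;
# logids other than 0100041001 are placeholders).
SAMPLE_LOGS = [
    'date=2025-05-15 time=08:45:18 logid="0100041001" type="event" subtype="system" '
    'level="critical" vd="root" logdesc="FortiGate update failed" msg="update failed (constructed)"',
    'date=2025-05-15 time=08:46:02 logid="0100000002" type="event" subtype="system" '
    'level="notification" vd="root" logdesc="constructed admin login" user="admin"',
    'date=2025-05-15 time=08:46:30 logid="0000000003" type="traffic" subtype="forward" '
    'level="debug" vd="root" srcip=10.0.0.5 dstip=10.0.0.9 dstport=22',
    'date=2025-05-15 time=08:47:11 logid="0000000004" type="traffic" subtype="forward" '
    'level="notification" vd="root" srcip=172.16.1.1 dstip=192.0.2.10 dstport=443',
]

# The exclude entry the article configures under "config log disk filter".
PAGE_FILTER = {"category": "event", "filter": "logid 0100041001", "filter-type": "exclude"}

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_log(line):
    """Parse one key=value log line into a dict; quoted values may contain spaces."""
    return {k: q if q else u for k, q, u in _KV.findall(line)}


class _Parser:
    """Recursive-descent parser for the assumed free-style grammar:
    expr := term ('or' term)* ; term := factor ('and' factor)* ;
    factor := 'not' factor | '(' expr ')' | FIELD VALUE+"""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.toks[self.i]
        self.i += 1
        return tok

    def expr(self):
        node = self.term()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.term())
        return node

    def term(self):
        node = self.factor()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.factor())
        return node

    def factor(self):
        tok = self.peek()
        if tok == "not":
            self.take()
            return ("not", self.factor())
        if tok == "(":
            self.take()
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        field = self.take()
        values = []
        while self.peek() not in (None, ")", "and", "or"):
            values.append(self.take())
        if not values:
            raise ValueError(f"field {field!r} has no value")
        return ("pred", field, values)


def _value_matches(actual, pattern):
    """A value matches exactly, or falls inside a lo-hi range when both are numeric."""
    if actual is None:
        return False
    rng = re.fullmatch(r"(\d+)-(\d+)", pattern)
    if rng and actual.isdigit():
        return int(rng.group(1)) <= int(actual) <= int(rng.group(2))
    return actual == pattern


def _eval(node, log):
    kind = node[0]
    if kind == "pred":                      # several values for one field are OR'd
        return any(_value_matches(log.get(node[1]), v) for v in node[2])
    if kind == "not":
        return not _eval(node[1], log)
    if kind == "and":
        return _eval(node[1], log) and _eval(node[2], log)
    return _eval(node[1], log) or _eval(node[2], log)


def evaluate(expression, log):
    """Return True when the parsed log matches the free-style expression."""
    parser = _Parser(re.findall(r"\(|\)|[^\s()]+", expression))
    node = parser.expr()
    if parser.peek() is not None:
        raise ValueError(f"unexpected token {parser.peek()!r}")
    return _eval(node, log)


def should_log(log, severity="information", entry=None):
    """Model of the filter chain: severity threshold first, then one free-style entry.
    The entry applies only to logs whose type equals its category; include keeps
    only matching logs, exclude drops matching logs."""
    level = log.get("level")
    if level not in SEVERITY or SEVERITY.index(level) > SEVERITY.index(severity):
        return False
    if entry is None or log.get("type") != entry["category"]:
        return True
    matched = evaluate(entry["filter"], log)
    return matched if entry["filter-type"] == "include" else not matched


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        log = parse_log(line)
        verdict = "kept" if should_log(log, entry=PAGE_FILTER) else "dropped"
        print(f"{verdict:8} logid={log['logid']} type={log['type']} level={log['level']}")
```

With the article's exclude entry, the critical "update failed" event is dropped, the other event is kept, the debug traffic log is dropped by the severity threshold alone, and the traffic log is untouched by an event-category entry.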