If the FortiGate is part of a Security Fabric, it is not possible to change the disk log settings. If an administrator tries to change them (enable or disable), the FortiGate will return an error:
FortiGate # config log disk setting
FortiGate (setting) # set status enable
FortiGate (setting) # end
Cannot change disk log setting.
This device is set up as a security fabric member.
The disk log setting cannot be changed unless configuration-sync in csf setting is set to local.
attribute set operator error, -39, discard the setting
Command fail. Return code -39
The error explains that the disk log setting cannot be changed while configuration-sync is set to 'default'. With configuration-sync set to 'default', some objects are synchronized between the root FortiGate and the downstream FortiGates.
To learn more about what is synchronized, refer to Synchronizing objects across the Security Fabric.
To change the disk logging settings, configuration-sync must be set to 'local':
FortiGate # config system csf
FortiGate (csf) # set configuration-sync local
FortiGate (csf) # end
The setting can then be changed, without any errors:
FortiGate # config log disk setting
FortiGate (setting) # set status enable
FortiGate (setting) # end
Afterwards, configuration-sync can be set back to the 'default' value if needed.
Note: A maintenance window is recommended for this activity to avoid potential traffic disruption due to objects not being synchronized from the root FortiGate.