papapuff
New Member
October 6, 2014
Question

ask - delete some log

  • October 6, 2014
  • 6 replies
  • 11072 views
Hi there, need help. Can I delete some logs, or at least just a certain log, not the whole log, on the FortiGate? Let's say I allocate 100MB for disk log. I want to delete everything in the forward log only. Can I do that? I use FG100D, 30C, 40C and 60D. Thank you.

    6 replies

    ede_pfau
    SuperUser
    October 6, 2014
    Use the exec log commands. For a listing of log files on disk, use 'exec log list' and specify the category you want. An 'exec log delete-all' will just do that. This is for FOS v5. I haven't found a command to delete specific files only.
    Christopher_McMullan
    Staff
    October 6, 2014
    Deleting specific files would likely have to be done through a Linux-like filesystem browse and delete:

        fnsysctl ls -l /                        <--- root directory
        fnsysctl ls -l /var/log/root            <--- if not 'root', insert the proper VDOM here
        fnsysctl rm /var/log/root/alog.12345    <--- for instance

    There are alog, clog, dlog, elog, mlog, nlog, plog, rlog, slog, tlog, vlog, and wlog files. Obviously a little confusing... You can always use 'fnsysctl cat /var/log/root/alog.12345' to view the contents first before deciding whether you'd be deleting the right file. Always beware deleting files directly that you can't delete with as much surgical precision in the GUI or normal CLI commands...
    papapuff (Author)
    New Member
    October 8, 2014
    Hi. Thanks for the reply. I think alog is for allowed log? Am I correct? Then, I can't find alog when I do "fnsysctl ls -l /var/log/root". Thanks.
    neonbit
    New Member
    October 8, 2014
    I believe the alog is for 'Attack log', this ties in with your IPS. If you don't have IPS enabled and attacks detected then I don't think you'd see any alogs show up. Below is an example of an alog from my FGT:

        fgt# fnsysctl cat /var/log/root/alog.65426
        date=2014-10-03 time=03:37:03 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd="root" severity=high srcip=182.146.65.177 dstip=192.168.102.10 sessionid=2289289 action=detected proto=6 service=HTTP attack="PHP.CGI.Argument.Injection" srcport=50352 dstport=80 direction=0 attackid=31752 profile="protect-lamp-monitor" ref="http://www.fortinet.com/ids/VID31752" incidentserialno=322895379 msg="web_server: PHP.CGI.Argument.Injection," crscore=30 crlevel=high
        date=2014-10-03 time=03:37:04 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd="root" severity=high srcip=182.146.65.177 dstip=192.168.102.10 sessionid=2289296 action=detected proto=6 service=HTTP attack="PHP.CGI.Argument.Injection" srcport=50353 dstport=80 direction=0 attackid=31752 profile="protect-lamp-monitor" ref="http://www.fortinet.com/ids/VID31752" incidentserialno=322895380 msg="web_server: PHP.CGI.Argument.Injection," crscore=30 crlevel=high
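Added example (not part of any post in this thread, and not Fortinet code): a small Python parser for the key=value log format shown above, which summarizes what a saved copy of 'fnsysctl cat' output contains by type/subtype and time range, so the file's category can be confirmed before it is removed. The sample records and their addresses are constructed; only the field names are taken from the output above.

```python
import re
from collections import Counter

# key=value pairs; a value is either a "quoted string" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Every record starts with date=YYYY-MM-DD time=..., even when the terminal
# capture has run several records together on one line.
RECORD_START = re.compile(r'(?=\bdate=\d{4}-\d{2}-\d{2}\s+time=)')

def parse_line(line):
    """Return one log record as a dict of field name -> value."""
    return {k: (q if b == "" else b).strip() for k, q, b in PAIR.findall(line)}

def parse_records(text):
    """Split captured output into records and parse each one."""
    return [parse_line(c) for c in RECORD_START.split(text) if c.strip()]

def summarize(text):
    """Count records per (type, subtype) and report the covered time range."""
    records = parse_records(text)
    kinds = Counter((r.get("type", "?"), r.get("subtype", "?")) for r in records)
    stamps = sorted(f'{r["date"]} {r["time"]}' for r in records
                    if "date" in r and "time" in r)
    return {"records": len(records), "kinds": dict(kinds),
            "first": stamps[0] if stamps else None,
            "last": stamps[-1] if stamps else None}

# Constructed sample: two IPS records run together on one line, then one
# forward-traffic record on its own line. Addresses are documentation ranges.
SAMPLE = (
    'date=2014-10-03 time=03:37:03 logid=0419016384 type=utm subtype=ips '
    'level=alert vd="root" srcip=192.0.2.10 dstip=198.51.100.5 action=detected '
    'attack="Example.Signature" msg="web_server: Example.Signature," '
    'date=2014-10-03 time=03:37:04 logid=0419016384 type=utm subtype=ips '
    'level=alert vd="root" srcip=192.0.2.10 dstip=198.51.100.5 action=detected '
    'attack="Example.Signature" msg="web_server: Example.Signature,"\n'
    'date=2014-10-03 time=04:00:00 type=traffic subtype=forward vd="root" '
    'srcip=198.51.100.5 dstip=192.0.2.20 action=accept\n'
)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A file whose summary shows more than one type/subtype pair, or a time range wider than expected, is worth a second look before it is deleted.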
    papapuff (Author)
    New Member
    October 9, 2014
    Hi there. Thanks all for the help. Finally found (but not satisfied enough) how to delete logs based on category. Unfortunately it can only delete a category, it can't delete a sub-category (for example: forward log inside traffic log). For whoever may need it, this is the way to delete:

        exec log <name of category>
        exec log delete

    Thanks.
    ede_pfau
    SuperUser
    October 9, 2014
    This KB article #FD31631 explains how to select the log device and log category and subsequently delete specific logs. Detail level is down to category.
    papapuff (Author)
    New Member
    October 17, 2014
    --sorry--- my bad. Already found how to list the category.