Fortigate log retention

Forum|Forum|2 years ago
August 7, 2023
1 reply
12949 views

Hi all

how to do log retention in fortigate firewall. will the logs be stored in the firewall internal storage ?, If stored what is retention period for it.

also how to do log management in Fortigate ?

FortiGate

A

Anonymous_User

New Contributor III

Hi @wadeparker_27

If FortiGate has a hard disk, it is enabled by default to store logs.

Disk logging is disabled by default if the FortiGate device only has flash memory because it is not recommended.

Constant rewrites to flash drives can reduce the lifetime and efficiency of the memory.

This metric is used to identify if logging into the system memory is enabled.
Enabling logging to the system memory is not recommended because this may affect the performance of the device. In addition, logs stored in the memory are cleared when the FortiGate device is restated.

Based on the network security best practice is recommended to store logs to a remote device.

Fortinet recommends uploading the logs for analysis to a remote device such as FortiAnalyzer or FortiGuard Analysis server.

By default, the maximum age for logs to store on disk is 7 days. Logs older than this are purged.

Please find below the link for the harddisk logging detail:-
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Hard-disk-utilization-by-the-FortiGate/ta-p/195481

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-logging-in-disk-using-GUI-CLI/ta-p/216995

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Hard-disk-utilization-by-the-FortiGate/ta-p/195481

Regards

Priyanka

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded