Fortinet 200D OS Location

Forum|Forum|11 years ago
September 3, 2014
3 replies
7720 views

I have a fortinet 200D with the following status. In this case I believe the OS is installed in flash. So can I perform a hard reboot of the system. Also where does the firewall going to store the logs? get hardware status Model name: FortiGate-200D ASIC version: CP8 ASIC SRAM: 64M CPU: Intel(R) Celeron(R) CPU G540 @ 2.50GHz Number of CPUs: 2 RAM: 3960 MB Compact Flash: 15331 MB /dev/sda Hard disk: 61057 MB /dev/sdb USB Flash: not available Network Card chipset: Intel(R) PRO/1000 Network Connection (rev.0000)

Best answer by Paul_Dean

Have a look at the "execute log" cli command:

execute log delete delete local logs of one category delete-all delete all local logs delete-rolled delete local rolled log file(s) display display filtered log entries filter filter fortianalyzer fortianalyzer fortiguard fortiguard list list current and rolled log files info roll roll log files now upload upload log/archive to faz/fas upload upload log/archive to faz/fas

ede_pfau

SuperUser

hi, you are right, firmware and config are stored in the CF (flash) file system. Logs can be stored to the internal SSD (' disk' ) if configured. Different to many smaller models even heavy logging to disk will not have any adverse effects on hardware durability. A reboot by power cycling (' hard reboot' ) can be done but should be avoided. At least you should backup the config (if that is possible at all). Either a ' exec reboot' or a ' exec shut' plus power cycling is the way to go. I' ve been in situations where the FGT wouldn' t take any CLI commands anymore and I had to revert to power cycling. Which cost me the integrity of the config. Luckily, the FGT was not logging to local disk. I would expect the file system to be compromised otherwise.

aviltAuthor

New Member

Here how can I confirm the logging location (HD vs Flash)?

ede_pfau

SuperUser

Either in the GUI, Log&Report - Traffic Log (or any other category). The data source is displayed in the lower left corner.

Or in the CLI, 'get log mem settings' - check the 'status'. Same for 'get log disk sett'. If both are enabled you can choose the displayed source.

aviltAuthor

New Member

Thanks, cofnirmed with the following output. What is the right method to cleanup the hard disk if hard disk is reaching it's full capacity? How can I manually delete the log files?

MyFortinet # get log memory setting diskfull : overwrite status : disable

ede_pfau wrote:
Either in the GUI, Log&Report - Traffic Log (or any other category). The data source is displayed in the lower left corner.
Or in the CLI, 'get log mem settings' - check the 'status'. Same for 'get log disk sett'. If both are enabled you can choose the displayed source.

Paul_DeanAnswer

Visitor III

Have a look at the "execute log" cli command:

execute log delete delete local logs of one category delete-all delete all local logs delete-rolled delete local rolled log file(s) display display filtered log entries filter filter fortianalyzer fortianalyzer fortiguard fortiguard list list current and rolled log files info roll roll log files now upload upload log/archive to faz/fas upload upload log/archive to faz/fas

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded