Logs on system memory

Forum|Forum|6 years ago
September 12, 2019
2 replies
11090 views

Hello,

On a Fortigate system memory log storage (like 50E and 60E), how the logs storage is measured?

For example, on 6pm today can I view the logs from 4pm of yesterday? If not, what is the reasoning for consulting the logs on this type of firewalls?

Thank you

Markus

New Member

Hi, It depends how much log you generate and how much "space=memory" you reserve for them. If the "space" running out, oldest logs are purged. Best

Dave_Hall

New Member

Logging to memory quickly runs out, even if you are not logging that much info - it's really meant to help with troubleshooting something in near-real time. If your company has needs to keep track/records of certain traffic, it should invest in a logging device (i.e. FortiAnalyzer, cloud, syslog, etc.).

That said, the 60E does have a 128 GB SSD (according to specs) (The 50E model does not, but the 51E models does). You could try enabling logging to disk, but on those smaller fgt models it's really not advisable.

Markus

New Member

Good addition Dave, thanks, but unfortunately, the 60E don't have local storage. https://www.fortinet.com/...1by_D2Ic46Fsk94yLkW5OD

Balkancruiser

New Member

The memory used for syslog is limited on the local device. I'd strongly recommend you to use an external node as a logging server. I had to get the logs of 4 hours of operation and it was something like 30 MB of syslog.

This being said, if you just log stuff on an external linux server with some 4 TB of storage, you will be able to track all your devices from one point and not overwhelm their internal memory.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded