Lichong
New Member
December 31, 2021
Question

UTM log saved locally on FG disk and all traffic log send to FAZ

  • December 31, 2021
  • 2 replies
  • 2469 views

Hi Experts,

I would like to save only the UTM log to the local disk and send all others to FAZ for further analysis.

I found a solution: set the log disk filter to severity warning and leave "log fortianalyzer setting" at its default, like this:

config log disk filter
    set severity warning
    set forward-traffic enable
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set anomaly enable
    set voip enable
    set dlp-archive enable
    set gtp enable
end


Is there a better way to do this?

2 replies

Debbie_FTNT
Staff & Editor
December 31, 2021

Hey Lichong,

Instead of setting the severity to warning (as that will affect ALL logs, not just traffic logs), you could exclude traffic logs specifically with this:

#config log disk filter
#set forward-traffic disable
#end

Other traffic (such as user or system events) would still be logged even with severity below warning, this way. If you set severity warning, the FortiGate would exclude a lot of logs from the local disk, not just traffic logs (which by default are severity notice).

With the command I suggest above, you would exclude forward traffic specifically, but everything else would still be present.
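As an added example that is not part of the thread, here is the split Debbie describes written out as the two FortiOS filter stanzas side by side: the disk filter drops only forward traffic and keeps the default severity, while the FortiAnalyzer filter stays permissive so FAZ still receives every category. The FAZ address is a placeholder and the exact set of category options varies by FortiOS version. Lichong's follow-up below reports that on their unit this also removed UTM logs from the disk, so check the result with `show log disk filter` and a test session rather than assuming the split worked.

```text
# Local disk: everything except forward traffic. Severity stays at the
# default so user, system and UTM events are not cut by a warning threshold.
config log disk setting
    set status enable
end
config log disk filter
    set severity information
    set forward-traffic disable
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set anomaly enable
    set voip enable
end

# FortiAnalyzer: all categories, no exclusions.
# 192.0.2.10 is a placeholder address, not a real FAZ.
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
end
config log fortianalyzer filter
    set severity information
    set forward-traffic enable
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set anomaly enable
    set voip enable
end

# Confirm what actually took effect on each destination
show log disk filter
show log fortianalyzer filter
```

The point of keeping two independent filters is that the disk and FAZ destinations are filtered separately; tightening severity on the disk side, as in the original question, would silently thin out the local copy of non-traffic events while FAZ still received them.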

Lichong (Author)
New Member
February 10, 2022

Hi Debbie,

Sorry for the delayed response.

I tested that before; it affects the UTM log if "forward-traffic" is set to disable.

Both the forward traffic log and the UTM log were gone from the FG disk.