FortiAnalyzer displays the message "You have exceeded your daily GB Logs/Day within 7 days" when, within the last 7 days, FortiGates exceed the licensed per-day allowance for logging.
As long as that limit is exceeded, FortiAnalyzer will display this warning message.
If you have noticed your FortiAnalyzer VM has consistently exceeded its licensed GB/day limit for over 7 days, this is a good time to think about a license upgrade. Although FortiAnalyzer VM will try its best not to drop logs, consistently running over capacity will eventually lead to undetermined behavior. This is because all FortiAnalyzer VM functions are validated within the licensed limit; the behavior beyond that limit is deemed to be unsupportable.
If the FortiAnalyzer encounters any issues while it’s in the license-exceeded state (GB/day), customer support will not be able to investigate unless the licensing issue is fixed. This may delay the response time for any incidents, and may lead to further complications. not affected and Admin users are only being warned.
There are a few ways to limit logs from the FortiGate.
1. If possible, disable logs in internal policies. Options are: log all sessions / security events (UTM) only / none.
2. Limit the logs from UTM profiles (AV / webfilter / Application control / Email).
- You can disable logging in any UTM profile or sensor.
- The logging option can only be changed from the CLI.
- Refer to the CLI reference documentation at:
http://docs-legacy.fortinet.com/fgt/handbook/cli_html/index.html#page/FortiOS%25205.0%2520CLI/config_antivirus.06.05.html
http://docs-legacy.fortinet.com/fgt/handbook/cli_html/index.html#page/FortiOS%25205.0%2520CLI/config_webfilter.29.12.html
http://docs-legacy.fortinet.com/fgt/handbook/cli_html/index.html#page/FortiOS%25205.0%2520CLI/config_application.07.3.html
3. Limit logs using the log filter.
    config log fortianalyzer filter
        set severity information
        set forward-traffic enable
        set local-traffic enable
        set multicast-traffic enable
        set sniffer-traffic enable
        set anomaly enable
        set netscan-discovery enable
        set netscan-vulnerability enable
        set voip enable
        set dlp-archive enable
    end
4. Limit local logs using the log setting.
    config log setting
        set fwpolicy-implicit-log disable
        set log-invalid-packet disable
        set local-in-allow disable
        set local-in-deny-unicast disable
        set local-in-deny-broadcast disable
        set daemon-log disable
    end
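The following is an added example, not part of the original article, showing options 1 and 3 applied together on a FortiGate. Policy ID 10 and the choice of `warning` as the threshold are assumptions for illustration; `logtraffic` is the FortiOS policy setting behind the three choices listed in option 1.

```fortios
# Added example; policy ID 10 is a hypothetical internal-to-internal policy.
# logtraffic values: all = log all sessions, utm = security events only,
# disable = no logging for this policy.
config firewall policy
    edit 10
        set logtraffic utm
    next
end

# Forward only events of severity warning and above to FortiAnalyzer,
# and stop forwarding local and multicast traffic logs.
config log fortianalyzer filter
    set severity warning
    set local-traffic disable
    set multicast-traffic disable
end
```

Choosing `utm` instead of `disable` on a policy drops the per-session traffic logs while keeping the security events that detection and incident response depend on.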
Copyright 2023 Fortinet, Inc. All Rights Reserved.