FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
smurthi_FTNT
Staff
Article Id 193288

Description

 
This article provides the steps to set log and report retention values to store the logs and reports for a longer time using the File Management setting.
 
Scope
 
FortiAnalyzer.


Solution

 
The following options can be used to keep the logs and reports for a longer time before they are auto-deleted permanently.

GUI:
Go to System Settings -> Advanced -> Device log settings -> Automatically delete, set the value in Hours, Days, Weeks, or Months, set the schedule time, then select Apply.

CLI:
These settings can also be configured using CLI commands:
 
config system auto-delete
    config dlp-files-auto-deletion
        set status {enable | disable}
        set value <integer>
        set when {days | hours | months | weeks}
    end
    config quarantine-files-auto-deletion
        set status {enable | disable}
        set value <integer>
        set when {days | hours | months | weeks}
    end
    config log-auto-deletion
        set status {enable | disable}
        set value <integer>
        set when {days | hours | months | weeks}
    end
    config report-auto-deletion
        set status {enable | disable}
        set value <integer>
        set when {days | hours | months | weeks}
    end
end

 
Note: Set the quota size for each device/ADOM to a value that is large enough to store the logs for a longer time.
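
To check that the auto-delete settings above actually meet a required retention period, the following added example (not part of the original article and not Fortinet code) parses a configuration in the syntax shown and lists the categories that are deleted too early. The sample configuration, the function names and the 30-day month are assumptions of this example, and it expects every enabled block to list both value and when.

```python
import re

HOURS = {"hours": 1, "days": 24, "weeks": 168, "months": 720}  # month = 30 days (assumption)
# Constructed sample in the syntax shown above, not output captured from a device.
SAMPLE = """\
config system auto-delete
    config log-auto-deletion
        set status enable
        set value 2
        set when weeks
    end
    config report-auto-deletion
        set status enable
        set value 12
        set when months
    end
    config dlp-files-auto-deletion
        set status disable
    end
end
"""

def parse_auto_delete(text):
    """Return {category: {setting: value}} for each nested *-auto-deletion block."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        block = re.fullmatch(r"config (\S+-auto-deletion)", line)
        setting = re.fullmatch(r"set (\S+) (\S+)", line)
        if block:
            current = policies.setdefault(block.group(1), {})
        elif line == "end":
            current = None
        elif current is not None and setting:
            current[setting.group(1)] = setting.group(2)
    return policies

def retention_hours(policy):
    """Hours kept before auto-deletion; None when auto-deletion is disabled."""
    if policy.get("status") != "enable":
        return None
    return int(policy["value"]) * HOURS[policy["when"]]

def audit(text, required_days):
    """Return (category, hours) for enabled policies shorter than required_days."""
    found = {n: retention_hours(p) for n, p in parse_auto_delete(text).items()}
    return [(n, h) for n, h in found.items() if h is not None and h < required_days * 24]

print(audit(SAMPLE, required_days=90))  # → [('log-auto-deletion', 336)]
```

Categories with auto-deletion disabled are skipped here, since their retention is then bounded by the device/ADOM quota mentioned in the note rather than by a time value.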