FortiAnalyzer
vraev
Staff
Article Id 395221
Description

 

This article describes how to confirm whether a FortiAnalyzer hardware platform has reached its rated log limits.

 

Notes:

  1. These limits are not enforced, and reaching them does not automatically lead to data loss. However, consistently exceeding the log limits may overload the hardware and significantly degrade system performance.
  2. The information here applies to FortiAnalyzer hardware only. On FortiAnalyzer VM, the log limits are defined by the VM license and do not relate to the hardware capabilities of the unit.
  3. Log forwarding uses additional resources. Forwarding all logs to an external server should not have a very significant impact, but applying filters in the log-forward configuration may increase CPU utilization, even though there is no explicit limit for log forwarding.

 

Scope

 

FortiAnalyzer/FortiManager - hardware platforms only

 

Solution

 

The following CLI command prints the limits:

 

# get system loglimits

 

The following CLI command tree shows the actual log rate and log volume stats:

 

# diagnose fortilogd
lograte           Display log rate.
lograte-adom      Display log rate by adom.
lograte-device    Display log rate by device.
lograte-total     Display log rate by total.
lograte-type      Display log rate by type.
logvol-adom       Display log GB/day by adom.

 

Example:

 

Run 'get system loglimits' to see the unit's rated limits:

 

# get system loglimits
GB/day : 200
Peak Log Rate : 9000
Sustained Log Rate : 6000

 

Check the current log rate (the values are logs/sec averages for the last 5, 30, and 60 seconds):

 

# diagnose fortilogd lograte
last 5 seconds: 5009.8, last 30 seconds: 4757.8, last 60 seconds: 4545.2

 

Check the long-term log rate averages (the values are logs/sec averages for the last 1, 24, and 168 hours):

 

# diagnose fortilogd lograte-total
Logs per second
Totals    Last  Hour     Day      Week
-------------------------------------------------------
           :    4455.2   4241.5   4357.4

 

Check the received log volumes per-ADOM:

 

# diagnose fortilogd logvol-adom "root"
2025-09-30 2025-09-29 2025-09-28 2025-09-27 2025-09-26 2025-09-25 2025-09-24   average
adom 'root':
 49.16 GB  130.13 GB  128.05 GB  132.07 GB  155.21 GB  127.13 GB  139.06 GB    122.97 GB

 

To review the log forwarding rate:

 

# diagnose test application logfwd 4

log/sec: 4528.2 4404.3 4361.9
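
The comparison above can be scripted once the CLI output has been collected. The following Python sketch is an added example, not Fortinet code: it parses the sample output shown in this article and reports each observed value as a percentage of the rated limit. The pairing of counters to limits and the 80% warning threshold (warn_pct) are assumptions of the example.

```python
import re

# Sample output copied from the example in this article.
LIMITS = """GB/day : 200
Peak Log Rate : 9000
Sustained Log Rate : 6000"""
LOGRATE = "last 5 seconds: 5009.8, last 30 seconds: 4757.8, last 60 seconds: 4545.2"
LOGRATE_TOTAL = """Logs per second
Totals    Last  Hour     Day      Week
-------------------------------------------------------
           :    4455.2   4241.5   4357.4"""
LOGVOL = """2025-09-30 2025-09-29 2025-09-28 2025-09-27 2025-09-26 2025-09-25 2025-09-24   average
adom 'root':
 49.16 GB  130.13 GB  128.05 GB  132.07 GB  155.21 GB  127.13 GB  139.06 GB    122.97 GB"""
NUM = r"\d+(?:\.\d+)?"

def parse_limits(text):
    """'get system loglimits' -> {'GB/day': 200.0, 'Peak Log Rate': 9000.0, ...}"""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {key.strip(): float(value) for key, value in pairs}

def parse_lograte(text):
    """'diagnose fortilogd lograte' -> [5 s, 30 s, 60 s] averages in logs/sec."""
    return [float(x) for x in re.findall(rf"seconds:\s*({NUM})", text)]

def parse_lograte_total(text):
    """'diagnose fortilogd lograte-total' -> [hour, day, week] averages in logs/sec."""
    row = [l for l in text.splitlines() if l.strip().startswith(":")][-1]
    return [float(x) for x in re.findall(NUM, row)]

def parse_logvol(text):
    """'diagnose fortilogd logvol-adom' -> {date: GB}; zip() drops the 'average' column."""
    dates = re.findall(r"\d{4}-\d{2}-\d{2}", text)
    return dict(zip(dates, (float(x) for x in re.findall(rf"({NUM})\s*GB", text))))

def check(limits, short, long_term, daily_gb, warn_pct=80.0):
    """Rows of (metric, observed, limit, % of limit, at or over warn_pct?).
    Assumed pairing, not stated in the article: short windows vs Peak Log Rate,
    hour/day/week averages vs Sustained Log Rate, busiest day vs GB/day.
    With several ADOMs, sum the per-ADOM volumes per date before calling this."""
    rows = [("peak rate", max(short), limits["Peak Log Rate"]),
            ("sustained rate", max(long_term), limits["Sustained Log Rate"]),
            ("GB/day", max(daily_gb.values()), limits["GB/day"])]
    return [(n, seen, cap, round(100 * seen / cap, 1), 100 * seen / cap >= warn_pct)
            for n, seen, cap in rows]

if __name__ == "__main__":
    for row in check(parse_limits(LIMITS), parse_lograte(LOGRATE),
                     parse_lograte_total(LOGRATE_TOTAL), parse_logvol(LOGVOL)):
        print("%-15s observed=%-8s limit=%-8s %5.1f%% of limit  warn=%s" % row)
```

The busiest day is used for the GB/day check because the 'average' column in the sample includes the first-listed date, whose volume is well below the others.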