FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to configure the FortiGate for log rollover when the disk usage surpasses 80%.
Scope
FortiGate.
Solution
Resolution:
Understanding Default Disk Usage: FortiGate systems reserve about 25% of disk space for system utilities and unforeseen quota overflows. As a result, only approximately 75% of the disk space is available for log storage.
Configuring Log Settings: By default, when the log disk is full, the system will overwrite the oldest logs. However, users can adjust this setting to either:
Overwrite the oldest logs when the log disk becomes full.
Stop logging when the log disk is full.
To modify this behavior, use the following CLI commands:
config log disk setting set diskfull [overwrite|nolog]
end
Where:
overwrite: Overwrite the oldest logs when the log disk is full. nolog: Stop logging in when the log disk is full.
Note:
It is essential to regularly monitor disk usage and ensure that it does not affect the firewall's operational efficiency. Making frequent backups and utilizing a FortiAnalyzer for off-device logging can be beneficial in long-term log retention and monitoring.
