|
Since FortiOS v3.0, the logging to disk configuration was removed from the web-based manager. It remains an option on FortiGate units equipped with an internal hard disk; however, it is necessary to configure the logging using the Command Line Interface (CLI).
In FortiOS v2.8, the configuration of logging to disk was available in both the web-based manager and the CLI. The following commands can be used in both versions of FortiOS.
To enable logging to the hard disk, use the CLI command:
config log disk setting
set status enable
end
Once enabled, it is possible to configure logging options for the disk.
It is also possible to set additional filters using the command: 'config log disk filter'.
To verify the presence of an internal hard disk for logging, run the command 'get system status' and search for Log Hard Disk option. If Log hard Disk: not available, refer to the article to troubleshoot the issue. Technical Tip: 'Log hard disk: Not available'
Additional Note:
The same configuration applies to the newest versions of FortiOS, including v7.2.x, v7.4.x, and v7.6.x.
As the initial versions of this article were created a long time ago, a few options under these settings might have changed.
However, on v7.4.8 of the FortiOS, as an example, the options for 'config log disk setting' are as follows:
config log disk setting
set status enable
set ips-archive enable
set max-policy-packet-capture-size 100
set log-quota 0
set dlp-archive-quota 0
set report-quota 0
set maximum-log-age 7
set upload disable
set full-first-warning-threshold 75
set full-second-warning-threshold 90
set full-final-warning-threshold 95
set max-log-file-size 20
set roll-schedule daily
set roll-time 00:00
set diskfull overwrite
end
And for 'config log disk filter':
config log disk filter
set severity information
set forward-traffic enable
set local-traffic enable
set multicast-traffic enable
set sniffer-traffic enable
set ztna-traffic enable
set anomaly enable
set voip enable
set dlp-archive enable
set gtp enable
set forti-switch enable
end
|
