ametkola
Staff
Article Id 364336
Description

 

How to stop logs from being recorded and forwarded to FortiAnalyzer.

 

Scope

 

FortiGate.

 

Solution

 

This article describes how to stop logs from certain firewall policies from being recorded in Memory/Disk and forwarded to FortiAnalyzer. In the following example, FortiGate is connected to FortiAnalyzer, which receives and saves its logs. The requirement is that certain firewall policies should neither record logs nor forward them.
However, the firewall still sends logs for traffic hitting this rule to FortiAnalyzer even though logtraffic is set to disable.

 

config firewall policy
    edit <id>
        set name "test"
        set srcintf "LAN"
        set dstintf "SDWAN"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL_ICMP" "PING"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic disable <-
    next
end

 

The logs shown are ICMP error logs, which are controlled by extended-log under 'config log setting'.

 


 

Check the following information in the Command Line:

 

config log setting
    set resolve-ip disable
    set resolve-port enable
    set log-user-in-upper disable
    set fwpolicy-implicit-log enable
    set fwpolicy6-implicit-log disable
    set extended-log enable <- Set this to disable to turn off extended traffic logging.
    set local-in-allow enable
    set local-in-deny-unicast enable
    set long-live-session-stat enable
end


Once this setting is changed, the required policies will stop being logged.
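
The check below is an added example, not part of the original article and not Fortinet code: it reads a configuration backup and returns the policies that have 'set logtraffic disable' together with whether extended-log is enabled, the combination this article describes as still sending ICMP error logs. The sample configuration is constructed, the function name is hypothetical, and treating a missing 'set extended-log' line as not enabled is an assumption.

```python
# Constructed sample in the layout of a FortiGate configuration backup.
SAMPLE_CONFIG = """
config log setting
    set extended-log enable
end
config firewall policy
    edit 7
        set name "test"
        set service "ALL_ICMP" "PING"
        set logtraffic disable
    next
    edit 8
        set name "web"
        set logtraffic all
    next
end
"""


def audit_policy_logging(config_text):
    """Return (extended_log_enabled, [(policy_id, name), ...]) where the
    list holds the policies that have 'set logtraffic disable'."""
    stack = []        # names of the currently open 'config' blocks
    extended = False  # assumption: no 'set extended-log' line means not enabled
    policy = None     # settings of the 'edit' entry being read
    quiet = []
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        cmd, args = words[0], words[1:]
        section = stack[-1] if stack else ""
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "end" and stack:
            stack.pop()
        elif section == "log setting" and args[:1] == ["extended-log"]:
            extended = args[1:] == ["enable"]
        elif section == "firewall policy":
            if cmd == "edit" and args:
                policy = {"id": args[0], "name": ""}
            elif cmd == "set" and policy is not None and args:
                policy[args[0]] = " ".join(args[1:]).strip('"')
            elif cmd == "next" and policy is not None:
                if policy.get("logtraffic") == "disable":
                    quiet.append((policy["id"], policy["name"]))
                policy = None
    return extended, quiet
```

When the first value returned is True and the list is not empty, the listed policies are the ones to re-check in FortiAnalyzer after extended-log is changed.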

 

Related document:

'config log setting' - FortiGate CLI reference