Technical Tip: How to configure logging in disk using GUI/CLI

hazim · ‎07-06-2022

Description

This article describes how to configure logging in disk.

Disk Logging can be enabled by using either GUI or CLI.

Scope

FortiGate.

Solution

Disk logging is enabled or disabled by default depending on the model of FortiGate.

For some low-end models, disk logging is unavailable. Constant rewrites to flash drives can reduce the lifetime and efficiency of the memory.

If a FortiGate has a log disk, it can be enabled or disabled by GUI or CLI according to the logging requirement :

Enable Disk logging from Web GUI:

Log into FortiGate.
Go to Log & Report -> Log Settings menu (if Virtual Domain is Enabled, set it under each VDOM).
Refer to Local Log -> Enable Disk.
Select 'Apply'.

Enable Disk logging via CLI:

config log disk setting

set status enable

end

Setting additional filters using the command:

FGT (root) # conf log disk filter

FGT (filter) # show full

config log disk filter

set severity information
set forward-traffic enable
set local-traffic enable
set multicast-traffic enable
set sniffer-traffic enable
set ztna-traffic enable
set anomaly enable
set voip enable
set dlp-archive enable

end

Or:

FGT # sh full log disk filter

config log disk filter

set severity information
set forward-traffic enable
set local-traffic enable
set multicast-traffic enable
set sniffer-traffic enable
set ztna-traffic enable
set anomaly enable
set voip enable
set dlp-archive enable

end

Note:
If a log disk is unavailable, the option to configure the log disk setting will not be present. For certain models, the log disk comes included with the device and it can be adjusted by configuring it according to the logging requirements.

To check if the log disk is available or not, follow the command below and check the output of 'Log hard disk'.

FGT # get system status

'Log hard disk: Not available'.

Technical Tip: How to configure logging in disk using GUI/CLI

You are leaving our website