Technical Tip: How to configure logging in disk using GUI/CLI

This article describes how to configure logging in disk.

Disk Logging can be enabled by using either GUI or CLI.

If FortiGate has a hard disk, it is enabled by default to store logs.

This setting can be adjusted by configuring it according to the logging requirements.

Disk logging is disabled by default if the FortiGate device only has flash memory because it is not recommended.

Constant rewrites to flash drives can reduce the lifetime and efficiency of the memory.

It needs to be enabled in the CLI's configuration log disk setting.

For some low-end models, disk logging is unavailable.

Enable Disk logging from Web GUI.

1. Log into FortiGate.
   
   
2. Go to Log & Report -> Log Settings menu (if Virtual Domain is Enabled, set it under each VDOM).
   
   
3. Refer to Local Log -> Enable Disk.
   
   
4. Select Apply.

FGT (root) # conf log disk filter

FGT (filter) # show full

config log disk filter

    set severity information
    set forward-traffic enable
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set ztna-traffic enable
    set anomaly enable
    set voip enable
    set dlp-archive enable

end

Or:

FGT # sh full log disk filter

config log disk filter

    set severity information
    set forward-traffic enable
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set ztna-traffic enable
    set anomaly enable
    set voip enable
    set dlp-archive enable

end