Technical Tip: How to delete FortiGate log entries stored in memory or local disk

vhitnal · ‎08-20-2019

Description
This article explains how to delete FortiGate log entries stored in memory or local disk.

Scope
The examples that follow are given for FortiOS 5.4, 5.6, 6.0 and 6.2.
Solution
It is assumed that memory or local disk logging is enabled on the FortiGate and other log options enabled (at Protection Profile level for example).
Please note that those commands are per-VDOM where applicable.

1) Example to delete logs from memory for only utm-webfilter entries (*):

# execute log filter device 0
# execute log filter category 3
# execute log delete

This will delete memory traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y

2) Example to delete logs from Disk for only utm-webfilter entries (*):

# execute log filter device 1
# execute log filter category 3
# execute log delete

This will delete disk traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y

3) Example to delete all local logs (memory and local disk) :

# execute log delete-all
This will delete all local logs
Do you want to continue? (y/n) y

(*) Note: To get the device and category list, type the filter command without argument .
# execute log filter device
Available devices:
0: memory
1: disk
2: fortianalyzer
3: forticloud
# execute log filter category
Available categories:
0: traffic
1: event
2: utm-virus
3: utm-webfilter
4: utm-ips
5: utm-emailfilter
7: utm-anomaly
8: utm-voip
9: utm-dlp
10: utm-app-ctrl
12: utm-waf
14: gtp
15: dns
16: utm-ssh

Related Articles
Technical Tip : How to delete FortiGate log entries stored in memory or local disk

Technical Tip: How to delete FortiGate log entries stored in memory or local disk

You are leaving our website