Description

This article explains how to delete FortiGate log entries stored in memory or on the local disk.

Scope

FortiGate.

Solution

It is assumed that memory or local disk logging is enabled on the FortiGate and other log options are enabled (at Protection Profile level for example).
Please note that those commands are per-VDOM where applicable.

Example to delete logs from memory for only utm-webfilter entries (*):

execute log filter device 0
execute log filter category 3
execute log delete

This will delete memory traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y

Example to delete logs from Disk for only utm-webfilter entries (*):

execute log filter device 1
execute log filter category 3
execute log delete

This will delete disk traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y

 Example to delete all local logs (memory and local disk):

execute log delete-all

This will delete all local logs
Do you want to continue? (y/n) y

Note:

To get the device and category list, type the filter command without argument.

execute log filter device

Available devices:
 0: memory
 1: disk
 2: fortianalyzer
 3: fortianalyzer-cloud
 4: forticloud

execute log filter category

Available categories:
 0: traffic
 1: event
 2: utm-virus
 3: utm-webfilter
 4: utm-ips
 5: utm-emailfilter
 7: utm-anomaly
 8: utm-voip
 9: utm-dlp
10: utm-app-ctrl
12: utm-waf
14: gtp
15: utm-dns
16: utm-ssh
17: utm-ssl
19: utm-file-filter
20: utm-icap
22: utm-sctp-filter
23: forti-switch

Note:

Some categories may not be available on some versions.

Related article:

Technical Tip : How to delete FortiGate log entries stored in memory or local disk