Created on 09-17-2019 12:21 AM Edited on 06-08-2022 02:26 PM By Anonymous
Description
This article explains how to delete all traffic and all associated UTM logs or specific FortiGate log entries stored in memory or local disk.
Solution
In some cases (for troubleshooting purposes, for instance), it is necessary to delete all logs, or only specific logs, stored in memory or on the local disk.
Note:
- Make sure that the memory or local disk logging and other log options are enabled (Log Allowed Traffic in firewall policy for example) on the FortiGate.
- The following commands are applicable per-VDOM.
1) Example to delete traffic logs and all associated UTM logs from the memory (*):
# execute log filter device 0
# execute log delete
This will delete memory traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y
2) Example to delete only web filtering logs from the memory:
# execute log filter device 0
# execute log filter category 3
# execute log filter dump <----- Run this command to check current filter status
category: webfilter
device: memory
start-line: 1
view-lines: 10
max-checklines: 0
HA member:
Filter:
Oftp search string:
# execute log delete
This will delete memory traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y
3) Example to delete only web filtering logs of specific user from the memory:
# execute log filter device 0
# execute log filter category 3
# execute log filter field user testuser1
# execute log filter dump
category: webfilter
device: memory
start-line: 1
view-lines: 10
max-checklines: 0
HA member:
Filter: (user "testuser1")
Oftp search string: (and (or vd==root exact) (or user==testuser1 not-exact))
# execute log delete
This will delete memory traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y
4) To reset the configured log filters, use the following CLI command:
# execute log filter reset
5) To delete log entries from the local disk, use the following CLI log filter:
# execute log filter device
Available devices:
0: memory
1: disk
2: fortianalyzer
3: forticloud
# execute log filter device 1
6) Example to delete all local logs (memory and local disk):
# execute log delete-all
This will delete all local logs
Do you want to continue? (y/n) y
(*): To get the device and category list, type the filter command without an argument.
# execute log filter device
Available devices:
0: memory
1: disk
2: fortianalyzer
3: forticloud
FortiOS 6.2:
# execute log filter category
Available categories:
0: traffic
1: event
2: utm-virus
3: utm-webfilter
4: utm-ips
5: utm-emailfilter
7: utm-anomaly
8: utm-voip
9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: utm-dns
16: utm-ssh
17: utm-ssl
18: utm-cifs
19: utm-file-filter
FortiOS 6.0:
# execute log filter category
Available categories:
0: traffic
1: event
2: utm-virus
3: utm-webfilter
4: utm-ips
5: utm-emailfilter
7: utm-anomaly
8: utm-voip
9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: dns
16: utm-ssh
FortiOS 5.6:
# execute log filter category
Available categories:
0: traffic
1: event
2: utm-virus
3: utm-webfilter
4: utm-ips
5: utm-emailfilter
7: anomaly
8: voip
9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: dns
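Because 'execute log delete' acts on whatever filter is currently set, the output of 'execute log filter dump' can be checked against the intended scope before confirming the deletion. The following Python sketch is an added example, not part of the original article or of any Fortinet tool; the function names are hypothetical, and it assumes the dump format shown in examples 2 and 3 above.

```python
import re

# Filter dump as shown in example 2 of this article (category filter only).
DUMP_CATEGORY_ONLY = """category: webfilter
device: memory
start-line: 1
view-lines: 10
max-checklines: 0
HA member:
Filter:
Oftp search string:"""
# Example 3 adds a user filter; the Oftp line is left empty here because it is not checked.
DUMP_USER = DUMP_CATEGORY_ONLY.replace("Filter:", 'Filter: (user "testuser1")')

def parse_filter_dump(text):
    """Parse 'key: value' lines of a filter dump into a dict with lower-cased keys."""
    state = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):  # skip echoed CLI commands
            state[key.strip().lower()] = value.strip()
    return state

def check_scope(dump_text, device, category, fields=None):
    """Return a list of mismatches between the active filter and the intended scope.

    An empty list means the dump matches what the operator meant to delete.
    """
    state = parse_filter_dump(dump_text)
    # Assumption: each field filter appears as (name "value"), as in example 3;
    # only that single-field form is shown in the article.
    active = dict(re.findall(r'\((\w+)\s+"([^"]*)"\)', state.get("filter", "")))
    problems = []
    if state.get("device") != device:
        problems.append(f"device is {state.get('device')!r}, expected {device!r}")
    if state.get("category") != category:
        problems.append(f"category is {state.get('category')!r}, expected {category!r}")
    if active != (fields or {}):
        problems.append(f"field filter is {active}, expected {fields or {}}")
    return problems

if __name__ == "__main__":
    wanted = {"user": "testuser1"}
    # Matching dump: no problems, safe to confirm the delete.
    print(check_scope(DUMP_USER, "memory", "webfilter", wanted))
    # User filter missing: deleting now would remove every web filter log in memory.
    print(check_scope(DUMP_CATEGORY_ONLY, "memory", "webfilter", wanted))
```

An empty result means the active filter matches the intended scope; any returned message is a reason to run 'execute log filter reset' and set the filter again before deleting.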