FortiGate
dbabic (Staff)

Description
This article explains how to delete all traffic logs and their associated UTM logs, or specific FortiGate log entries, stored in memory or on the local disk.

Solution
In some cases (for troubleshooting purposes, for instance), it is necessary to delete all logs, or some specific logs, stored in memory or on the local disk.

Note:
- Make sure that memory or local disk logging and the other relevant log options (for example, Log Allowed Traffic in the firewall policy) are enabled on the FortiGate.

- The following commands apply per VDOM.

1) Example: delete traffic logs and all associated UTM logs from memory (*):

# execute log filter device 0
# execute log delete
This will delete memory traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y

2) Example: delete only web filtering logs from memory:

# execute log filter device 0
# execute log filter category 3
# execute log filter dump                      <----- Run this command to check the current filter status
category: webfilter
device: memory
start-line: 1
view-lines: 10
max-checklines: 0
HA member:
Filter:
Oftp search string:
# execute log delete
This will delete memory traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y

3) Example: delete only the web filtering logs of a specific user from memory:

# execute log filter device 0
# execute log filter category 3
# execute log filter field user testuser1
# execute log filter dump
category: webfilter
device: memory

start-line: 1
view-lines: 10
max-checklines: 0
HA member:
Filter: (user "testuser1")
Oftp search string: (and (or vd==root exact) (or user==testuser1 not-exact))

# execute log delete
This will delete memory traffic logs and all associated UTM logs.
Do you want to continue? (y/n) y

4) To reset the configured log filters, use the following CLI command:

# execute log filter reset

5) To delete log entries from the local disk, select the disk device with the following CLI log filter:

# execute log filter device
Available devices:
 0: memory
 1: disk
 2: fortianalyzer
 3: forticloud

# execute log filter device 1

6) Example: delete all local logs (memory and local disk):

# execute log delete-all
This will delete all local logs
Do you want to continue? (y/n) y

(*): To get the device and category lists, type the filter command without an argument.

# execute log filter device
Available devices:
 0: memory
 1: disk
 2: fortianalyzer
 3: forticloud

FortiOS 6.2:

# execute log filter category
Available categories:
 0: traffic
 1: event
 2: utm-virus
 3: utm-webfilter
 4: utm-ips
 5: utm-emailfilter
 7: utm-anomaly
 8: utm-voip
 9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: utm-dns
16: utm-ssh
17: utm-ssl
18: utm-cifs
19: utm-file-filter

FortiOS 6.0:

# execute log filter category
Available categories:
 0: traffic
 1: event
 2: utm-virus
 3: utm-webfilter
 4: utm-ips
 5: utm-emailfilter
 7: utm-anomaly
 8: utm-voip
 9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: dns
16: utm-ssh

FortiOS 5.6:

# execute log filter category
Available categories:
 0: traffic
 1: event
 2: utm-virus
 3: utm-webfilter
 4: utm-ips
 5: utm-emailfilter
 7: anomaly
 8: voip
 9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: dns
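When the sequence above is scripted (for example, over SSH during a troubleshooting run), the step that needs a check is `execute log delete`: with a stale or mis-typed filter it removes far more than the intended entries. The following Python helper is an added example, not code from this article or from Fortinet. It builds the command sequence from the device and category numbers listed in this article (starting with the `execute log filter reset` of step 4 so a leftover filter cannot carry over), parses the output of `execute log filter dump`, and only approves the delete when the dumped scope is exactly the intended one. The sample dump is copied from step 3. Two assumptions are mine: that a category appears in the dump with its `utm-` prefix stripped (category 3, `utm-webfilter`, is shown as `webfilter` in step 2), and that a dump with no field filter shows an empty `Filter:` line.

```python
"""Scope check for FortiGate 'execute log delete' (added example, not Fortinet code)."""
import re

# Device numbers and per-branch category numbers exactly as listed in the
# article.  The table is keyed by FortiOS branch because the names differ:
# 7/8 are "anomaly"/"voip" on 5.6, 15 is "dns" on 5.6/6.0 but "utm-dns" on 6.2.
DEVICES = {"memory": 0, "disk": 1, "fortianalyzer": 2, "forticloud": 3}

_COMMON = {"traffic": 0, "event": 1, "utm-virus": 2, "utm-webfilter": 3,
           "utm-ips": 4, "utm-emailfilter": 5, "utm-dlp": 9,
           "utm-app-ctrl": 10, "utm-waf": 12}
CATEGORIES = {
    "5.6": {**_COMMON, "anomaly": 7, "voip": 8, "dns": 15},
    "6.0": {**_COMMON, "utm-anomaly": 7, "utm-voip": 8, "dns": 15, "utm-ssh": 16},
    "6.2": {**_COMMON, "utm-anomaly": 7, "utm-voip": 8, "utm-dns": 15,
            "utm-ssh": 16, "utm-ssl": 17, "utm-cifs": 18, "utm-file-filter": 19},
}

# Dump output copied from step 3 of the article (used as test input).
SAMPLE_DUMP = """category: webfilter
device: memory
start-line: 1
view-lines: 10
max-checklines: 0
HA member:
Filter: (user "testuser1")
Oftp search string: (and (or vd==root exact) (or user==testuser1 not-exact))
"""


def build_filter_commands(version, device, category=None, user=None):
    """Return the CLI lines that scope a delete, ending with the dump.

    Unknown device or category names raise ValueError instead of being
    dropped, so a typo cannot degrade into an unfiltered delete.
    """
    if device not in DEVICES:
        raise ValueError(f"unknown device {device!r}")
    cmds = ["execute log filter reset",
            f"execute log filter device {DEVICES[device]}"]
    if category is not None:
        table = CATEGORIES.get(version)
        if table is None or category not in table:
            raise ValueError(f"category {category!r} not listed for FortiOS {version}")
        cmds.append(f"execute log filter category {table[category]}")
    if user is not None:
        cmds.append(f"execute log filter field user {user}")
    cmds.append("execute log filter dump")
    return cmds


def parse_filter_dump(text):
    """Parse 'execute log filter dump' output into {lower-case key: value}."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")   # split on the first colon only
        fields[key.strip().lower()] = value.strip()
    return fields


def filter_matches(dump_text, device, category=None, user=None):
    """True only when the dumped filter equals the intended scope exactly."""
    f = parse_filter_dump(dump_text)
    if f.get("device") != device:
        return False
    # Assumption: the dump shows the category without its "utm-" prefix,
    # and no category at all when none was set.
    wanted = "" if category is None else re.sub(r"^utm-", "", category)
    if f.get("category", "") != wanted:
        return False
    # Assumption: the Filter line is empty when no field filter was set.
    m = re.fullmatch(r'\(user "([^"]*)"\)', f.get("filter", ""))
    found_user = m.group(1) if m else None
    return found_user == user and (m is not None or f.get("filter", "") == "")


def delete_commands_if_scoped(dump_text, version, device, category=None, user=None):
    """Full sequence including 'execute log delete', or None if the scope is off."""
    if not filter_matches(dump_text, device, category, user):
        return None
    return build_filter_commands(version, device, category, user) + ["execute log delete"]
```

In an automation run, send the output of `build_filter_commands`, capture the dump, and only send `execute log delete` when `filter_matches` returns True; `delete_commands_if_scoped` packages that decision for the caller.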
