FortiGate
vsharma
Staff
Article Id 367205
Description

This article describes how to configure the FortiGate to send local logs to an FTP server.

Scope

FortiGate.
Solution

The 'set upload enable' command is used to activate the log export feature and provides several options to control the behavior of log uploads.

 

iridium-esx51 # config  log disk setting
iridium-esx51 (setting) # set upload enable
iridium-esx51 (setting) # set
*status                           Enable/disable local disk logging.
ips-archive                       Enable/disable IPS packet archiving to the local disk.
max-log-file-size                 Maximum log file size before rolling (1 - 100 Mbytes).
max-policy-packet-capture-size    Maximum size of policy sniffer in MB (0 means unlimited).
roll-schedule                     Frequency to check log file for rolling.
roll-time                         Time of day to roll the log file (hh:mm).
diskfull                          Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full (default = overwrite).
log-quota                         Disk log quota (MB).
dlp-archive-quota                 DLP archive quota (MB).
report-quota                      Report db quota (MB).
maximum-log-age                   Delete log files older than (days).
upload                            Enable/disable uploading log files when they are rolled.
upload-destination                The type of server to upload log files to. Only FTP is currently supported.
*uploadip                         IP address of the FTP server to upload log files to.
uploadport                        TCP port to use for communicating with the FTP server (default = 21).
source-ip                         Source IP address to use for uploading disk log files.
*uploaduser                       Username required to log into the FTP server to upload disk log files.
uploadpass                        Password required to log into the FTP server to upload disk log files.
uploaddir                         The remote directory on the FTP server to upload log files to.
uploadtype                        Types of log files to upload. Separate multiple entries with a space.
uploadsched                       Set the schedule for uploading log files to the FTP server (default = disable = upload when rolling).
uploadtime                        Time of day at which log files are uploaded if uploadsched is enabled (hh:mm or hh).
upload-delete-files               Delete log files after uploading (default = enable).
full-first-warning-threshold      Log full first warning threshold as a percent (1 - 98, default = 75).
full-second-warning-threshold     Log full second warning threshold as a percent (2 - 99, default = 90).
full-final-warning-threshold      Log full final warning threshold as a percent (3 - 100, default = 95).
interface-select-method           Specify how to select outgoing interface to reach serv]

 

The configuration below shows an example where the traffic logs are sent to the FTP server when the file is rolled. In this example, 'max-log-file-size' is 10 MB, so a new file is created after 10 MB and the rolled file (10 MB) is sent to the FTP server.

 

config log disk setting
    set status enable
    set upload enable
    set uploadpass password
    set uploadtype traffic
    set max-log-file-size 10
    set uploadip 10.5.197.15
    set uploaduser "test1"
end
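A review check for these settings, as an added example that is not part of the original article or any Fortinet tooling: it parses the 'config log disk setting' block from a configuration backup and lists what the upload settings imply, using the defaults quoted in the CLI help above. The function names are illustrative, and treating an absent 'upload' as disabled is an assumption.

```python
import shlex

# Defaults quoted in the CLI help above; "upload": "disable" is an assumption.
DEFAULTS = {"upload": "disable", "uploadport": "21", "upload-delete-files": "enable"}
REQUIRED = ("uploadip", "uploaduser")  # entries marked with * in the CLI help

def parse_disk_setting(config_text):
    """Return the 'set' values found inside 'config log disk setting' ... 'end'."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        try:
            words = shlex.split(raw)  # strips the quotes around values like "test1"
        except ValueError:            # multi-line quoted values elsewhere in a backup
            continue
        if words == ["config", "log", "disk", "setting"]:
            inside = True
        elif inside and words == ["end"]:
            break
        elif inside and len(words) >= 3 and words[0] == "set":
            settings[words[1]] = " ".join(words[2:])
    return settings

def review(settings):
    """Return review findings for the FTP upload part of the disk log settings."""
    eff = {**DEFAULTS, **settings}
    if eff["upload"] != "enable":
        return ["upload is disabled: rolled log files stay on the local disk"]
    findings = [f"required setting missing: {key}" for key in REQUIRED if key not in eff]
    findings.append(f"FTP to {eff.get('uploadip', '<unset>')}:{eff['uploadport']} is not "
                    "encrypted: uploaduser, uploadpass and the logs are readable in transit")
    if eff["upload-delete-files"] == "enable":
        findings.append("upload-delete-files is enabled: after upload the FTP server "
                        "holds the only copy of the rolled file")
    if "uploadtype" in eff:
        findings.append(f"only these log types are uploaded: {eff['uploadtype']}")
    return findings

# Constructed input: the example configuration from this article.
SAMPLE = """\
config log disk setting
    set status enable
    set upload enable
    set uploadpass password
    set uploadtype traffic
    set max-log-file-size 10
    set uploadip 10.5.197.15
    set uploaduser "test1"
end
"""

if __name__ == "__main__":
    for finding in review(parse_disk_setting(SAMPLE)):
        print("-", finding)
```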

 

FortiGate log files are compressed using the lz4 algorithm. These files have a specific structure that requires decoding for readability. Fortinet provides a Java-based tool for decoding the log files.

 

Related article:

Technical Tip: Transferring historical logs from a FortiGate hard disk to a FortiAnalyzer