Description

This article describes how to set the maximum age for logs stored on disk.

Scope

FortiGate.

Solution

By default, the maximum age for logs to store on disk is 7 days.
Logs older than this are purged.

Below are the steps to increase the maximum age of logs stored on disk.

config log disk setting
    set maximum-log-age                                    <----- Enter an integer value from <0> to <3650> (default = <7>).
end

Example:

config log disk setting
    set maximum-log-age 30                   <----- Here logs older than 30 days will be purged.
end

If the FortiGate is part of the Security Fabric, the following error will be observed:

Cannot change disk setting while Security Fabric is enabled.object site operator error, -39 discard the setting

If the Security Fabric setup is not required, disable the setting as showcased in the following screenshot:

To disable from the GUI, navigate to Security Fabric -> Fabric Connectors -> Security Fabric Setup -> Select Security Fabric role as standalone.

Note:
If the log disk becomes full before the maximum-log-age is reached, then older logs will get overwritten.

Related article:

Technical Tip: How to configure logging in disk using GUI/CLI