Description | This article describes how to suppress the BGP messages 'Outgoing [RIB] Withdraw: Can't find route' from Router Events logs. |
Scope | FortiOS. |
Solution |
In a scenario where a FortiGate device receives multiple routes from a BGP peer, it is common to filter incoming routes using a prefix-list to accept only the desired (interesting) prefixes.
However, when routes are filtered out, the FortiGate may frequently log the message 'Outgoing [RIB] Withdraw: Can't find route', as in the following example:
date=2025-09-16 time=15:17:11 eventtime=1758061030525342178 tz="-0700" logid="0103020304" type="event" subtype="router" level="warning" vd="root" logdesc="Routing log warning" msg="BGP: 10.0.0.2-Outgoing [RIB] Withdraw: Can't find route 11.0.0.0/24"
These messages occur when the remote BGP peer attempts to withdraw a route that was never installed in the RIB (Routing Information Base).
Example Topology:
If an ISP is sending full internet routes while the prefix list on FortiGate is configured to accept only the default route, FortiOS will generate the above log more frequently and in larger volumes.
The FortiGate is configured to accept only a default route from the ISP, similar to the example in Technical Tip: FortiGate BGP configuration to announce specific routes and accept only a default rou....
config router bgp
    set as 65001
    config neighbor
        edit "10.0.0.2"
            set capability-graceful-restart enable
            set soft-reconfiguration enable
            set prefix-list-in "default-only"
            set remote-as 65002
        next
    end
end
Although the FortiGate does receive additional route advertisements from the ISP, these are filtered out by the prefix-list and not installed in the routing table. When the ISP later advertises a route withdrawal for these prefixes, the FortiGate generates the error log.
Workaround:
Configure an 'exclude' event filter for the appropriate logging target, under 'config log [memory | disk | fortianalyzer | fortiguard | syslogd | disk] filter'. After applying the filter, new matching events are not logged to the selected logging target.
For example, the following configuration filters these events from the FortiOS memory log.
config log memory filter
    config free-style
        edit <index>
            set category event
            set filter "logid 0103020304"
            set filter-type exclude
        next
    end
end
Note: log ID 0103020304 is a generic ID shared between multiple routing processes, so the provided filter will disable some other logs. For example, some Bidirectional Forwarding Detection (BFD) and Protocol Independent Multicast - Dense Mode (PIM-DM) events also use log ID 0103020304 and would not be recorded if the filter is applied. Before applying the filter, it is recommended to review available router event logs to ensure required logs will not be affected.
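One way to carry out the review recommended in the note above, as an added example that is not part of the original article: a short Python script that reads exported router event log lines and reports which events an exclude filter on log ID 0103020304 would drop as intended and which it would drop as a side effect. The first sample message is the one shown in this article; the BFD, PIM-DM and placeholder-log-ID lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

LOGID = "0103020304"   # shared router-event log ID named in the article
NOISE = "Outgoing [RIB] Withdraw: Can't find route"
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key=value or key="quoted value"

def parse_log(line):
    """Return the fields of one FortiOS key=value log line as a dict."""
    return {key: quoted or bare for key, quoted, bare in _KV.findall(line)}

def audit(lines, logid=LOGID):
    """Classify events by what an exclude filter on `logid` would do to them."""
    noise, collateral, kept = Counter(), Counter(), 0
    for line in lines:
        fields = parse_log(line)
        msg = fields.get("msg", "")
        if fields.get("logid") != logid:
            kept += 1                      # different log ID: still logged
        elif NOISE in msg:
            peer = re.search(r"BGP: (\S+)-Outgoing", msg)
            noise[peer.group(1) if peer else "unknown"] += 1
        else:
            # Same log ID but another routing process: lost as a side effect.
            collateral[msg.split(":", 1)[0]] += 1
    return {"noise": noise, "collateral": collateral, "kept": kept}

def _line(logid, msg):
    """Build a log line in the layout of the article's sample."""
    return ('date=2025-09-16 time=15:17:11 tz="-0700" logid="%s" type="event" '
            'subtype="router" level="warning" vd="root" msg="%s"' % (logid, msg))

# The first message is from the article; the rest are constructed for this example.
SAMPLE = [
    _line(LOGID, "BGP: 10.0.0.2-Outgoing [RIB] Withdraw: Can't find route 11.0.0.0/24"),
    _line(LOGID, "BGP: 10.0.0.2-Outgoing [RIB] Withdraw: Can't find route 12.0.0.0/24"),
    _line(LOGID, "BFD: constructed sample event"),
    _line(LOGID, "PIM-DM: constructed sample event"),
    _line("0000000000", "constructed event with a placeholder log ID"),
]

if __name__ == "__main__":
    result = audit(SAMPLE)
    print("suppressed as intended, by peer:", dict(result["noise"]))
    print("also suppressed, by process:", dict(result["collateral"]))
    print("unaffected events:", result["kept"])
```

A non-empty "also suppressed" result means the filter would hide events from other routing processes on that logging target, so those logs should be kept on at least one other target.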
Related Articles:
FortiOS v7.4.8 Administration Guide | config log disk filter
Troubleshooting Tip: How to resolve BGP issue 'Outgoing [RIB] Withdraw: Can't find route' |