Description
This article describes how, when configuring a syslogd filter or FortiAnalyzer filter (in 6.x), it is possible to define both a log ID list and a log level. However, the logic that applies between the log ID list and the log level is not documented.

Scope
FortiGate 6.x, 7.0.x.

Solution
Use the following command to set the filter on 6.x:
set filter
Example 1:
set filter "logid(40704,32042)"
Example 2:
set filter "event-level(information)"
The available levels are as follows:
The logic between the log ID and log level is AND.
Below is an example in 6.x:
show log syslogd filter
config log syslogd filter
It is not possible to tell the logic between the event level and the log ID from this output.
After the upgrade to 7.0.x, the same configuration was changed to:
FGT-1 # show log syslogd filter
The output in the new version shows that the logic between the log level and the log ID is AND.
To filter on more than one log ID, the filters below are equivalent:
set filter "logid 0100032001 0100032003"
To disable logging of some logs, use set filter-type exclude. Below is an example of how to disable DHCP logging:
config log disk filter
Another note:
In 6.x, event-level(notice) does not mean level == notice (5). It means level <= notice (5), so logs at emergency (0), alert (1), critical (2), error (3), warning (4) and notice (5) are all included.
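To make the two rules above concrete (clauses are combined with AND, and event-level(X) means severity <= X), here is an added Python model of the 6.x filter semantics. It is constructed for this article and is not FortiOS code; it assumes the logid(...) and event-level(...) clauses shown above may appear together in one filter string, and uses the standard syslog severity order (emergency through debug).

```python
"""Model of FortiOS 6.x 'set filter' semantics as described in the article.

Constructed example, not Fortinet code. Assumptions: the clause grammar is
logid(<id>,<id>,...) and event-level(<name>), any number of clauses may be
present in one filter string, and they are ANDed together.
"""
import re

# Standard syslog severity order, index = numeric level (0 = most severe).
# The article names 0..5 and 'information'; 'debug' (7) is assumed.
LEVEL_ORDER = ["emergency", "alert", "critical", "error",
               "warning", "notice", "information", "debug"]

CLAUSE_RE = re.compile(r"(logid|event-level)\(([^)]*)\)")


def level_num(name):
    """Numeric severity for a level name (raises ValueError if unknown)."""
    return LEVEL_ORDER.index(name.strip().lower())


def levels_included(level_name):
    """Levels that event-level(level_name) really matches: severity <= cutoff."""
    cutoff = level_num(level_name)
    return LEVEL_ORDER[:cutoff + 1]


def parse_filter(filter_str):
    """Return {'logids': set[int] or None, 'max_level': int or None}."""
    logids, max_level = None, None
    for key, args in CLAUSE_RE.findall(filter_str):
        if key == "logid":
            logids = {int(v) for v in args.split(",") if v.strip()}
        else:
            max_level = level_num(args)
    return {"logids": logids, "max_level": max_level}


def matches(filter_str, logid, level):
    """True if a log with this logid and level passes the filter.

    Every clause present must match (AND); a missing clause imposes no limit.
    """
    f = parse_filter(filter_str)
    if f["logids"] is not None and logid not in f["logids"]:
        return False
    if f["max_level"] is not None and level_num(level) > f["max_level"]:
        return False
    return True
```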
See this Linux syslog article for more information.
The log level
Every printk() message has its own log level. If the log level is not explicitly specified as part of the message, it defaults to default_message_loglevel. The conventional meaning of the log level is as follows:
Copyright 2024 Fortinet, Inc. All Rights Reserved.