Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
msanjaypadma
Staff
Staff

Created on ‎06-16-2025 05:45 AM Edited on ‎08-21-2025 04:37 AM By Moderator

Article Id 396610

Technical Tip: Limitations of Disk Logging on FortiGate-30G Firewalls

Description

 

This article provides an overview of the disk logging limitations associated with the FortiGate-30G model.

 

Scope

 

FortiGate-30G.

 

Solution

 

The FortiGate 30G is an entry-level device within the FortiGate product lineup.


By default, the 30G configuration enables disk logging; however, this logging is limited to 'Event' logs only.

The device's disk status is indicated as 'Log hard disk: Limited' because it utilizes internal flash storage to support this restricted logging capability, specifically for event logs.

FortiGate-30G # get sys status
Version: FortiGate-30G v7.2.11,build6542,250210 (GA.M)
Log hard disk: Limited

 

Disk Log filter/settings:

FortiGate-30G # conf log disk filter

FortiGate-30G (filter) # show ful
config log disk filter
    set severity information
end

FortiGate-30G (filter) # get
severity : information
free-style:
FortiGate-30G #


FortiGate-30G # exe log filter device
Available devices:
0: memory
1: disk
2: fortianalyzer
3: fortianalyzer-cloud
4: forticloud

FortiGate-30G # exe log filter device 1 <<<<<<<<<<<<disk selected

FortiGate-30G # exe log filter category
Available categories:
1: event


To enable comprehensive logging - including UTM logs and forwarded traffic logs - activate memory logging. 

Memory logging settings/filter :


config log memory setting
    set status enable <-----
end

FortiGate-30G (filter) # show
config log memory filter
end

FortiGate-30G (filter) # get
severity : information
forward-traffic : enable
local-traffic : enable
multicast-traffic : enable
sniffer-traffic : enable
anomaly : enable
voip : enable
free-style:
FortiGate-30G (filter) #


FortiGate-30G # exe log filter device
Available devices:
0: memory
1: disk
2: fortianalyzer
3: fortianalyzer-cloud
4: forticloud

FortiGate-30G # exe log filter device 0 <----- Memory logging selected.

FortiGate-30G # exe log filter category
Available categories:
0: traffic
1: event
2: utm-virus
3: utm-webfilter
4: utm-ips
5: utm-emailfilter
7: utm-anomaly
8: utm-voip
9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: utm-dns
16: utm-ssh
17: utm-ssl
19: utm-file-filter
20: utm-icap
22: utm-sctp-filter
23: forti-switch

 

FortiGate-30G is a low-end model and has memory constraints. Once logging is enabled, it is recommended to keep a check on memory utilization.

 

FGT30G # get sys performance status
Memory: 1964064k total, 1004172k used (51.1%), 642164k free (32.7%), 317728k freeable (16.2%)

 

FGT30G # get hardware status
Model name: FortiGate-30G
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 4
RAM: 1918 MB
EMMC: 9982 MB(MLC) /dev/mmcblk0
Hard disk: 9944 MB /dev/mmcblk0
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)

 

FGT30G # diagnose sys logdisk usage
Total HD usage: 38MB(37MiB)/2112MB(2015MiB)
Total HD logging space: 1584MB(1511MiB)
HD logging space usage for vdom "root": 0MB(0MiB)/1584MB(1511MiB)

 

Related Links
Technical TIp: Hard disk utilization by the FortiGate 

Labels:
975
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.