|
By default, starting from v7.0, memory logging only shows logs with a warning level or higher. Logs below the warning level are not stored in memory.
- Make sure that all logs are stored in memory.
- To change this and ensure that all logs are stored in memory when they are generated, apply the following configuration via the CLI:
config log memory filter
set severity information
end
-
Once the change has been made, it can be verified via CLI to check that the severity setting has been set to information:
get log memory filter
severity : information
forward-traffic : enable
local-traffic : disable
multicast-traffic : enable
sniffer-traffic : enable
anomaly : enable
netscan-discovery : enable
netscan-vulnerability: enable
voip : enable
- If the logs continue not to appear after the severity has been adjusted, consider the following:
-
Verify that memory logging is enabled.
get log memory setting
-
Check if the memory is not full and the log daemon 'miglogd' is running.
diagnose system process pidof miglogd
-
Check if the Logs are being displayed using the CLI.
execute log filter category 0 <------ 0 is for memory.
Available devices:
0: memory
1: disk
2: fortianalyzer
3: fortianalyzer-cloud
4: forticloud
execute log filter view-lines 10
execute log display
-
Sufficient memory usage: To check system performance, including memory usage, run:
get system performance status
-
Use the following command to restart the logging daemon:
fnsysctl killall miglogd
In some cases, terminating the daemon has no effect because it is already stopped. Verify its state by running:
diagnose sys top 1 100
If the miglogd process shows a state value of 'T' (terminated), a system reboot is required to resume logging.
|
