Distinct Log settings for different log categories?
Hello everyone,
I was wondering if someone has a hint for me regarding logging on the FortiAnalyzer. We are using it to aggregate logs from different central firewalls which are using different UTM features.
We now want to separate the settings for different types of logs. This means for example: Traffic Log can be deleted after 10 days but UTM Log (AV, IPS, Botnet) should be stored for e.g. 30 days. Perhaps some other German customers understand why we are looking into that.
Since the FA saves all logs as .tlog, there is no way to delete just the logfiles themselves.
It does not need to be an option in the settings. Any approach fulfilling the task would be helpful.
Any suggestions?
Thanks!
Daniel
And we have the solution why there are no distinct vlog and alog files in our case. Official Fortinet support:
Please be informed that starting from firmware version 5.0.7 there are no log browse files like wlog, alog, vlog, dlog. All security logs are merged with traffic logs and starting from 5.0.7 you should be able to see only tlog files (traffic + security logs) and elog file (event log).
I believe this is NOT possible with FAZ today, but it would be a very interesting feature to have. It provides much more granular control on the log data retention.
Do you know if any other similar product in the market today can do this?
Nobody has any suggestions how to address this problem? It is a shame that all logs are aggregated in one log file since 5.0. In times past one could just delete all tlog files.
I'm not sure what exactly you mean. The FortiAnalyzer keeps different types of logs in different log formats. They all end in the .log extension, but that's trivial. You can view the different types by going to the Log Browse on the Log View tab.
Events: elog
Traffic: tlog
Virus: vlog
App Control: rlog
IPS: alog
Web Filter: wlog
I don't think you can specify different settings for these on the FortiAnalyzer itself, but, assuming you're backing up the logs to another server, what you can easily do is create a script which handles these different log types based on the type of log it is.
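One way to do the per-type handling the reply describes on the backup server, as an added example that is not from the poster or from Fortinet: a POSIX sh script that applies a different retention period to each log type by file name. It assumes the backup directory holds files named either `<type>.<n>.log` or `*.<type>` for the types listed above (adjust the patterns to your export), that the copies keep their original modification time (e.g. `cp -p` or `rsync -a`), and uses the retention values from the question (10 days for traffic, 30 days for UTM); the 30 days for elog and rlog is an assumption. Note that on firmware 5.0.7 and later, where security logs are merged into tlog, there is nothing for such a script to tell apart.

```sh
#!/bin/sh
# Per-type retention for FortiAnalyzer log files copied to a backup server.
# Example code, not from the thread. Assumed file naming: "<type>.<n>.log" or "*.<type>".

# Retention policy in days per log type. Traffic 10 / UTM 30 come from the
# question; elog and rlog at 30 days are assumptions for this example.
retention_days() {
    case "$1" in
        tlog) echo 10 ;;                   # traffic log
        vlog|alog|wlog|rlog) echo 30 ;;    # AV, IPS, web filter, app control (UTM)
        elog) echo 30 ;;                   # event log (assumed)
        *) echo "" ;;                      # unknown type: never pruned
    esac
}

# prune_logs DIR [dry]
# Removes files of each known type that are older than that type's retention.
# With a second argument of "dry", only prints the files that would be removed.
# Files that match no known type pattern are left alone.
prune_logs() {
    dir=$1
    mode=${2:-delete}
    for type in tlog vlog alog wlog rlog elog; do
        days=$(retention_days "$type")
        [ -n "$days" ] || continue
        if [ "$mode" = dry ]; then
            find "$dir" -type f \( -name "*.$type" -o -name "$type.*" \) \
                -mtime +"$days" -print
        else
            # -exec rm {} + is POSIX; "find -delete" is not guaranteed everywhere.
            find "$dir" -type f \( -name "*.$type" -o -name "$type.*" \) \
                -mtime +"$days" -exec rm -f {} +
        fi
    done
}

# Usage from cron on the backup host, e.g.:
#   prune_logs /backup/faz dry    # review first
#   prune_logs /backup/faz        # then enforce
```

Run it in `dry` mode from cron first and review the output before switching to deletion; because `-mtime` works on the copy's own modification time, a backup job that does not preserve timestamps would otherwise reset every file's age on each run and nothing would ever be pruned.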
Hello,
That is true for the old firmware. Which one are you using? On 4.3 we also had this possibility with the different logs. But Fortinet aggregated them all in tlog in 5.0. Since then, there is no way one can treat different types of log files differently... or at least none I am aware of.
This is a screenshot of my FortiAnalyzer running 5.0.6. As you can see I have different types of logs. This is just one page, so I can't show you all of the types, but I do have every type I listed in my previous post.
That looks like the old logging system I used to know. I suppose it depends on the FortiGates you feed the Analyzer with. Are these also upgraded to FOS 5.0 in your case?
Yes, I'm running a variety of different FortiGate models (60, 90, 100, 110, 111, 300, 600, 1000), but all are running some version of 5.0.
DanielW wrote:
All security logs are merged with traffic logs and starting from 5.0.7 you should be able to see only tlog files (traffic + security logs) and elog file (event log).
Guess I never saw that in the release notes haha. Seems a bit silly though.