Hi, I have an FGT310B (v5.2.3,build670 (GA)) and I can't see the memory logs.
FGT310B (setting) # show full-configuration
config log memory setting
set status enable
set diskfull overwrite
end
FGT310B (setting) # show full
config log setting
set resolve-ip disable
set resolve-port enable
set log-user-in-upper disable
set fwpolicy-implicit-log disable
set fwpolicy6-implicit-log disable
set log-invalid-packet disable
set local-in-allow enable
set local-in-deny-unicast enable
set local-in-deny-broadcast disable
set local-out enable
set daemon-log disable
set neighbor-event disable
set brief-traffic-format disable
set user-anonymize disable
end
And I want to see them on the syslog server (both: server and memory)
FGT310B (setting) # show
config log syslogd setting
set status enable
set server "192.168.x.x"
set facility audit
end
Any ideas?
Thank you very much.
Condor.
Hello, your Fortigate hasn't a local disk.
FGT310B Module: "Flexible expansion options for four additional NP-accelerated ports or HDD for local logging and archiving"
Your options are: Fortianalyzer, Forticloud or an external syslog server.
Thanks for the reply, Carlos,
OK, memory doesn't work without disk. I'm sending my logs to 192.168.x.x. How could I know that the logs are sent out from the Fortigate if I can't see logs?
Any ideas? Thanks.
Sorry Condor, I misread your original post. You are already sending your logs to syslog.
Try to run those commands:
# this will show stats about log creation
diag log kernel-stats
# this will create some testing logs
diag log test
and run diag log kernel-stats again to see if it had some increase. And check your syslog to see if those logs are there.
AFAIK memory logging is independent of hard disk and should work in any FGT.
You do have to select 'memory' as the log source in the WebGUI (upper right corner IIRC).
Hi, so I ran these cmds.
FGT310B # diag log kernel-stats
fgtlog: 1
fgtlog 0: total-log=4942, failed-log=0
FGT310B # diag log test
generating a system event message with level - warning
generating an infected virus message with level - warning
generating a blocked virus message with level - warning
generating a URL block message with level - warning
generating a DLP message with level - warning
generating an IPS log message
generating an anomaly log message
generating an application control IM message with level - information
generating an IPv6 application control IM message with level - information
generating deep application control logs with level - information
generating an antispam message with level - notification
generating an allowed traffic message with level - notice
generating a multicast traffic message with level - notice
generating a ipv6 traffic message with level - notice
generating a wanopt traffic log message with level - notification
generating a HA event message with level - warning
generating netscan log messages with level - notice
generating a VOIP event message with level - information
generating a DNS event message with level - information
generating authentication event messages
generating a Forticlient message with level - information
generating a NAC QUARANTINE message with level - notification
generating a URL block message with level - warning
FGT310B # diag log kernel-stats
fgtlog: 1
fgtlog 0: total-log=5051, failed-log=0
But I can see the system log:
I don't know why I can't see traffic?! What is wrong?
Thanks.
Traffic logs are only generated if you lower the logging level to 'information'.
Hi zhunissov4, that's already configured:
ede_pfau, I always use the "information" log level, but in this version only these levels exist:
FGT310B (setting) # set facility
kernel      Kernel messages.
user        Random user-level messages.
mail        Mail system.
daemon      System daemons.
auth        Security/authorization messages.
syslog      Messages generated internally by syslog.
lpr         Line printer subsystem.
news        Network news subsystem.
uucp        Network news subsystem.
cron        Clock daemon.
authpriv    Security/authorization messages (private).
ftp         FTP daemon.
ntp         NTP daemon.
audit       Log audit.
alert       Log alert.
clock       Clock daemon.
local0      Reserved for local use.
local1      Reserved for local use.
local2      Reserved for local use.
local3      Reserved for local use.
local4      Reserved for local use.
local5      Reserved for local use.
local6      Reserved for local use.
--More--
local7      Reserved for local use.
thanks
https://s31.postimg.org/tx27bl47v/Forti_log04.png
'facility' is not the same as 'logging level'. It's just a label to signify the source to the logging device.
Check the CLI options for 'config log memory settings' and 'config log memory filter'.
Hi ede_pfau, you found the solution. Here is the configuration of: config log memory filter
FGT310B (filter) # show full-configuration
config log memory filter
set severity warning
set forward-traffic enable
set local-traffic disable
set multicast-traffic enable
set sniffer-traffic enable
set anomaly enable
set netscan-discovery enable
set netscan-vulnerability enable
set voip enable
end
So I make the commands:
set severity information
set local-traffic enable
I can't receive logs on the server but maybe it is a NAT problem. Thanks to all for help.
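
An added example (not from any post in this thread) of the two points that resolved it: the syslog 'facility' is only a source label carried in the <PRI> header, while a severity threshold such as 'set severity warning' hides less severe messages, including notice-level traffic logs. It assumes standard syslog PRI numbering with the facility names in the order the CLI lists them, and that a threshold keeps its own level and everything more severe; the sample datagrams are constructed, not captured from a device.

```python
import re

# Facility names in the order the CLI help lists them (syslog codes 0..23).
FACILITIES = ("kernel user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
# Syslog severities, most severe first (codes 0..7).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]
ALIASES = {"notification": "notice"}  # both spellings appear in 'diag log test'


def sev_code(name):
    """Numeric severity for a level name (lower number = more severe)."""
    return SEVERITIES.index(ALIASES.get(name, name))


def decode_pri(line):
    """Split the leading <PRI> of a syslog datagram into (facility, severity)."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid syslog PRI header")
    fac, sev = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return FACILITIES[fac], SEVERITIES[sev]


def passes(level, threshold):
    """True if a message at 'level' survives a filter set to 'threshold'."""
    return sev_code(level) <= sev_code(threshold)


def visible(lines, threshold):
    """Messages that remain after applying the severity threshold."""
    return [l for l in lines if passes(decode_pri(l)[1], threshold)]


# Constructed datagrams in key=value style, all sent with facility 'audit'.
SAMPLE = [
    '<108>devname=FGT310B type=event level=warning msg="constructed sample"',
    '<109>devname=FGT310B type=traffic subtype=forward level=notice',
    '<110>devname=FGT310B type=utm subtype=voip level=information',
]

if __name__ == "__main__":
    for threshold in ("warning", "information"):
        kept = visible(SAMPLE, threshold)
        print(f"severity {threshold}: {len(kept)} of {len(SAMPLE)} shown")
        for l in kept:
            print("   ", decode_pri(l))
```

Changing the facility changes only the first element of each decoded pair; which messages survive depends on the severity threshold alone.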