Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
avilt
New Contributor

Fortinet 200D OS Location

I have a fortinet 200D with the following status. In this case I believe the OS is installed in flash. So can I perform a hard reboot of the system. Also where does the firewall going to store the logs? get hardware status Model name: FortiGate-200D ASIC version: CP8 ASIC SRAM: 64M CPU: Intel(R) Celeron(R) CPU G540 @ 2.50GHz Number of CPUs: 2 RAM: 3960 MB Compact Flash: 15331 MB /dev/sda Hard disk: 61057 MB /dev/sdb USB Flash: not available Network Card chipset: Intel(R) PRO/1000 Network Connection (rev.0000)
1 Solution
Paul_Dean
Contributor

Have a look at the "execute log" cli command:

 

execute log delete           delete local logs of one category delete-all       delete all local logs delete-rolled    delete local rolled log file(s) display          display filtered log entries filter           filter fortianalyzer    fortianalyzer fortiguard       fortiguard list             list current and rolled log files info roll             roll log files now upload           upload log/archive to faz/fas upload           upload log/archive to faz/fas

 

NSE4

View solution in original post

NSE4
5 REPLIES 5
ede_pfau
Esteemed Contributor III

hi, you are right, firmware and config are stored in the CF (flash) file system. Logs can be stored to the internal SSD (' disk' ) if configured. Different to many smaller models even heavy logging to disk will not have any adverse effects on hardware durability. A reboot by power cycling (' hard reboot' ) can be done but should be avoided. At least you should backup the config (if that is possible at all). Either a ' exec reboot' or a ' exec shut' plus power cycling is the way to go. I' ve been in situations where the FGT wouldn' t take any CLI commands anymore and I had to revert to power cycling. Which cost me the integrity of the config. Luckily, the FGT was not logging to local disk. I would expect the file system to be compromised otherwise.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
avilt
New Contributor

Here how can I confirm the logging location (HD vs Flash)?

ede_pfau
Esteemed Contributor III

Either in the GUI, Log&Report - Traffic Log (or any other category). The data source is displayed in the lower left corner.

Or in the CLI, 'get log mem settings' - check the 'status'. Same for 'get log disk sett'. If both are enabled you can choose the displayed source.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
avilt
New Contributor

Thanks, cofnirmed with the following output. What is the right method to cleanup the hard disk if hard disk is reaching it's full capacity? How can I manually delete the log files?

 

MyFortinet # get log memory setting diskfull : overwrite status : disable

 

 

ede_pfau wrote:

Either in the GUI, Log&Report - Traffic Log (or any other category). The data source is displayed in the lower left corner.

Or in the CLI, 'get log mem settings' - check the 'status'. Same for 'get log disk sett'. If both are enabled you can choose the displayed source.

Paul_Dean
Contributor

Have a look at the "execute log" cli command:

 

execute log delete           delete local logs of one category delete-all       delete all local logs delete-rolled    delete local rolled log file(s) display          display filtered log entries filter           filter fortianalyzer    fortianalyzer fortiguard       fortiguard list             list current and rolled log files info roll             roll log files now upload           upload log/archive to faz/fas upload           upload log/archive to faz/fas

 

NSE4
NSE4
Labels
Top Kudoed Authors