Can someone advise how to configure FortiGate to save 90 days of log history, or to configure a limit for log size (up to 1 GB log size)?
The FortiGate log history we need is Forward Traffic and System Events.
Hi @noamsh88,
Those commands only work if your FortiGate supports disk logging. You can verify by running "get system status". Example below:
Smough-kvm64 # get system status
Version: FortiGate-VM64-KVM v7.2.5,build1517,230606 (GA.F)
Security Level: 1
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
Serial-Number:
License Status: Valid
VM Resources: 1 CPU/2 allowed, 1993 MB RAM
Log hard disk: Available >>> Disk logging is supported.
Hostname: Smough-kvm64
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1517
Release Version Information: GA
FortiOS x86-64: Yes
System time: Mon Oct 2 09:12:11 2023
Last reboot reason: warm reboot
If disk logging is not supported, you can send logs to FortiGate Cloud, which by default saves the logs for 7 days. You can purchase a license to be able to save logs for up to 1 year.
Regards,
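The check described in the reply above, automated over saved "get system status" output. This is an added example, not part of the original post or Fortinet's tooling. The function names, the second sample, and its "Not available" value are assumptions made for illustration.

```python
import re

# Constructed sample inputs: trimmed "get system status" output. The first uses
# lines from the reply above (annotation included); the second is hypothetical.
SAMPLE_WITH_DISK = """\
Version: FortiGate-VM64-KVM v7.2.5,build1517,230606 (GA.F)
Log hard disk: Available >>> Disk logging is supported.
Hostname: Smough-kvm64
"""
SAMPLE_NO_DISK = """\
Version: FortiGate-EXAMPLE v0.0.0,build0000 (constructed)
Log hard disk: Not available
Hostname: example-fw
"""

# Key is everything up to the first colon; value is the rest of the line.
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*)$")

def parse_status(text):
    """Return the 'Key: value' lines of the status output as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
    return fields

def disk_logging_supported(text):
    """True only if the 'Log hard disk' field reads exactly 'Available'."""
    value = parse_status(text).get("Log hard disk", "")
    # Drop pasted annotations such as '>>> Disk logging is supported.'
    value = value.split(">>>")[0].strip()
    # Exact match: a substring test would wrongly accept 'Not available'.
    return value.lower() == "available"

def retention_plan(text, days_needed=90):
    """Summarise which retention path from the thread applies to this unit."""
    host = parse_status(text).get("Hostname", "unknown")
    if disk_logging_supported(text):
        return (f"{host}: disk logging supported; "
                f"disk log settings apply for {days_needed} days of history")
    return (f"{host}: no usable log disk; send logs to FortiGate Cloud "
            f"(7 days by default, up to 1 year with a license)")

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_DISK, SAMPLE_NO_DISK):
        print(retention_plan(sample))
```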
Hi Team,
Please refer to the article below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-the-maximum-age-for-logs-on-dis...
Let us know if you need any further assistance.
Thanks, our "FortiGate 100F v6.4.6 build6131 (GA)" version does not seem to support this option.
Can you please advise if there is another CLI for this FortiGate version?
FG-101F-No # config log disk setting
command parse error before 'disk'
Command fail. Return code 1
FG-101F-No # config log setting
FG-101F-No (setting) # set maximum-log-age 90
command parse error before 'maximum-log-age'
Command fail. Return code -61
FG-101F-No (setting) # show full-configuration
config log setting
set resolve-ip disable
set resolve-port enable
set log-user-in-upper disable
set fwpolicy-implicit-log disable
set fwpolicy6-implicit-log disable
set log-invalid-packet disable
set local-in-allow enable
set local-in-deny-unicast enable
set local-in-deny-broadcast enable
set local-out enable
set daemon-log disable
set neighbor-event disable
set brief-traffic-format disable
set user-anonymize disable
set expolicy-implicit-log disable
set log-policy-comment disable
end
FG-101F-No (setting) #