Hi,
maybe we missed something and this feature was removed but I would like to see local reports and before I had like 7 versions on the memory (in Log Settings > Local Logs it is activated) and I dont see anything else.
Also on Forticloud we had like 7 days some reports.
Is it possible that there is no option anymore without another licence?
Thanks,
Roland
Solved! Go to Solution.
What is the FortiOS version you are using?
Logging to memory still is available on the 'small' FGTs, and does not require any license. It is (at least) configurable in CLI:
config log memory setting
set status enable
end
config log memory global-setting
set max-size 10485760
end
Depending on the HW revision of your FGT you may specify a bigger amount of memory dedicated to logging (== RAM disk).
If you do log into memory you probably want to suppress superfluous log entries, like these:
config log memory filter
set multicast-traffic disable
config free-style
edit 1
set category ssl
set filter "logid 1700062302"
set filter-type exclude
next
edit 2
set category event
set filter "logid 0100026001 or logid 0100026003 or logid 0100040704"
set filter-type exclude
next
end
end
This will filter DHCP messages and then some. Log IDs are listed in the Log Reference manual. 62302 is about cert resigning, 2600x about DHCP and 40704 is the performance log entry.
What is the FortiOS version you are using?
Logging to memory still is available on the 'small' FGTs, and does not require any license. It is (at least) configurable in CLI:
config log memory setting
set status enable
end
config log memory global-setting
set max-size 10485760
end
Depending on the HW revision of your FGT you may specify a bigger amount of memory dedicated to logging (== RAM disk).
If you do log into memory you probably want to suppress superfluous log entries, like these:
config log memory filter
set multicast-traffic disable
config free-style
edit 1
set category ssl
set filter "logid 1700062302"
set filter-type exclude
next
edit 2
set category event
set filter "logid 0100026001 or logid 0100026003 or logid 0100040704"
set filter-type exclude
next
end
end
This will filter DHCP messages and then some. Log IDs are listed in the Log Reference manual. 62302 is about cert resigning, 2600x about DHCP and 40704 is the performance log entry.
Hello,
it is a FG100F with 7.4.3.
It is a critical environment, enabling the logs should not affect in anything, no?
Thanks!
Well, it will cost you memory. The 100F either has 2 or 4 GB of RAM.
IMHO logging to memory is only a workaround, that is, temporary. If you are serious about that network you will plan for a FAZ soon.
Then again, "critical" and "7.4" in one sentence?
Local reporting is available only on models with a disk, such as the FortiGate 101F. The free edition of FortiCloud includes a 360-degree report that cannot be modified. For long-term reporting and customization, consider purchasing FortiAnalyzer. Alternatively, you can use open-source syslog servers that support reporting. In this setup, the FortiGate will forward traffic to the syslog server, which will then generate the reports.
Hi,
just to get this right, all models (our FG100F, 60F, 200F) dont have storage for local logs as our 81E, etc. So there is no option in Log&Report > Reports and Local.
But in the 100, 200 FGs I still dont have an option to see the reports on Fortigate Cloud, should they not be saved there to access?
Thanks,
Roland
On FGT models without internal SSD there is no option for local reports. Logging to memory is fine, log browsing, FortiView, but no reports.
For FAZ-Cloud, which is a SaaS from Fortinet, you need to obtain a license. Then you can enable logging to cloud (conf log fortianalyzer-cloud settings) and specify the credentials. FortiOS will check whether the FGT is entitled to log to cloud.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.