Hi,
Is the log file length for forwarding traffic on disk configurable?
On my FG3140B the Log is 90.000 entries large containing only 2 hours. That is way too short!
Config:
Feature | Storage Size | Allocated | Used
Logging and Archiving | 23GB | |
Disk Logging | | 0MB | 46MB
Historic Reports | | 0MB | 35GB
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You are most likely running through (and in turn rolling over old logs) rapidly.
Are you logging anything and everything the Gate processes?
Mike Pruett
Yes I do. But there seems to be space left on the device. But when I get this right these some GB wouldn't bring me more than some minutes I guess?
Without Syslog-Server there is only Reducing the Logs drastically or upgrade the SSD?
Depends heaviliy on the amount of traffic going through the device at that point. You should get more than a few minutes I would think.
But then again, I just saw that you have a 3140B.....one of my 3600C's fills up over 70 gigs to FAZ a slow day
Mike Pruett
Do you have logging properly enabled? Do you log all sessions or just security issues?
I have log everything on by default :o
Didn't thought that the logging is so demanding.
Now have modded some rules and gained an extra hour. Now I have 3 hours of history. Way too small anyway.
Biggest fish seems to be the log everything-deny-all policy with 40.000 drops per hour. Ideas?
Is a SSD upgrade possible and easy to setup?
Deny policies don't get logged for some reason. On every other firewall I ever used they did. Maybe it can be enabled in features.
Found something. Log Settings, Enable all and you can customize what is logged. Maybe you have a lot disabled.
Doesn't help ME :p
I have a non-implicit deny policy at the end - there I can log!
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36471 FortiOS 5.x Fortigate # config log setting (global)# set fwpolicy-implicit-log enable This will log denied traffic on implicit Deny policies. Optional: You can create deny policy and log traffic . You need to create a policy with Action DENY, the policy action blocks communication sessions, and you can optionally log the denied traffic. If no security policy matches the traffic, the packets are dropped. A DENY security policy is needed when it is required to log the denied traffic, also called “violation traffic”. Other settings to consider: Fortigate # config log setting local-in-deny-unicast: enable local-in-deny-broadcast: enable
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1707 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.