Logs on system memory
Hello,
On a FortiGate with system memory log storage (like the 50E and 60E), how is the log storage measured?
For example, at 6pm today can I view the logs from 4pm yesterday? If not, what is the reasoning for consulting the logs on this type of firewall?
Thank you
Hi, it depends on how much log you generate and how much "space=memory" you reserve for them. If the "space" runs out, the oldest logs are purged. Best
________________________________________________________
--- NSE 4 ---
________________________________________________________
Logging to memory quickly runs out, even if you are not logging that much info - it's really meant to help with troubleshooting something in near-real time. If your company needs to keep track/records of certain traffic, it should invest in a logging device (i.e. FortiAnalyzer, cloud, syslog, etc.).
That said, the 60E does have a 128 GB SSD (according to specs) (the 50E model does not, but the 51E model does). You could try enabling logging to disk, but on those smaller FGT models it's really not advisable.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Thank you guys, this was helpful.
I'm going for the 61E.
BR
Yes that's correct, plus 128GB is not all for logging either. No FGT uses the complete disk for logging.
PCNSE
NSE
StrongSwan
The memory used for syslog is limited on the local device. I'd strongly recommend that you use an external node as a logging server. I had to get the logs of 4 hours of operation and it was something like 30 MB of syslog.
That being said, if you just log stuff on an external Linux server with some 4 TB of storage, you will be able to track all your devices from one point and not overwhelm their internal memory.
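
The purge-oldest behaviour described in the replies, as an added example that is not part of the original thread: a size-capped buffer fed at the roughly 30 MB per 4 hours quoted above, checked against the question's "6pm today vs. 4pm yesterday" case. The 10 MB buffer size, the 1000-byte log line and the dates are assumptions for illustration, not FortiGate specifications.

```python
from collections import deque
from datetime import datetime, timedelta


class MemoryLogBuffer:
    """Size-capped log store: once the reserved space is full, the oldest entries are purged."""

    def __init__(self, capacity_bytes):
        self.capacity = capacity_bytes
        self.used = 0
        self.entries = deque()  # (timestamp, line), oldest on the left

    def append(self, ts, line):
        self.entries.append((ts, line))
        self.used += len(line.encode())
        while self.used > self.capacity:  # evict until the new entry fits
            _, old = self.entries.popleft()
            self.used -= len(old.encode())

    def oldest(self):
        return self.entries[0][0] if self.entries else None

    def can_view(self, ts):
        """True if a log written at ts would still be in the buffer."""
        first = self.oldest()
        return first is not None and first <= ts


def retention_window(capacity_bytes, bytes_per_hour):
    """Closed-form lookback: how far back a full buffer reaches at a steady log rate."""
    return timedelta(hours=capacity_bytes / bytes_per_hour)


def simulate(capacity_bytes, bytes_per_hour, start, end, line_len=1000):
    """Feed constructed, fixed-size log lines at a steady rate from start to end."""
    buf = MemoryLogBuffer(capacity_bytes)
    step = timedelta(hours=1) * line_len / bytes_per_hour
    ts = start
    while ts <= end:
        line = f"date={ts:%Y-%m-%d} time={ts:%H:%M:%S} type=traffic ".ljust(line_len, "x")
        buf.append(ts, line)
        ts += step
    return buf


if __name__ == "__main__":
    rate = 30_000_000 // 4                 # bytes/hour, from "30 MB in 4 hours"
    today_6pm = datetime(2024, 1, 2, 18)   # constructed dates
    buf = simulate(10_000_000, rate, datetime(2024, 1, 1, 12), today_6pm)
    print("oldest retained log:", buf.oldest())
    print("lookback window:", retention_window(10_000_000, rate))
    print("4pm yesterday viewable:", buf.can_view(datetime(2024, 1, 1, 16)))
```

Swapping in the real reserved memory size and a measured log rate gives the lookback a given unit can serve; anything older has to come from an external log server.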