Hello,
Quick question: In order to allow Skype to continue to function after putting P2P blocking in place I had place a monitoring rule explicitly for Skype above it. This allow access to Skype but fills up my logs with constant entries. What's the best way to set this up so I don't monitor Skype at all?
Thanks!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
(There is no 'allow' action in AppCtrl.)
In
conf log (mem|disk|whatever) filter, set
set severity notificationinstead of
set severity information.
Change your action from 'monitor' to 'allow', that way it will be allowed but not logged.
(There is no 'allow' action in AppCtrl.)
In
conf log (mem|disk|whatever) filter, set
set severity notificationinstead of
set severity information.
Thanks for this Ede.
I guess I'm so used to finding most of the features I need in the gui that I forget that there is more under the hood in the cli.
Also, a related question. How do I configure for FortiCloud? I have another unit that is connected to Forticloud and I want to limit the log entries sent there to avoid filling up the space so quickly. I tried to 'get log forticloud filter' but there was nothing to be found.
FYI just tried 'get log fortianalyzer filter' is this where I configure for Forticloud?
Thanks!
5.2 has "Allow" for App. Control Overrides, 5.0 does not.
For FortiCloud, just "Activate" in the License Information widget.
Then enable in Log settings, OR: #config log fortiguard setting.
To change FortiCloud log filters: #config log fortiguard filter
The 1GB free FortiCloud version quota is per-device not per-account.
This is a 20C running version 4.0 MR3 Patch 14. My goal is to fine tune what is logged to forticloud. For the most part I'm having to delete everything in Forticloud once a week due to the 1GB limit.
This business doesn't have a need for the features of forticloud but apparently (notice in the box) on the 20C it's recommended because the logging locally is detrimental to the unit's longevity. I had one die already withing a year of use.
Any suggestions would be greatly appreciated!
As dirty_wizard already posted,
config log fortiguard filteris where to look for settings. Even in v4.3, when FortiCloud was named 'FortiGuard Analysis Service' you have these options.
You can always (read: as a last resort) try to globally log less by setting the log severity from 'information' to 'notice'. But this will affect all log sources, not only AppCtrl.
You should try to stop the logging for the Skype (exemption) pattern...
In the CLI Reference for v4.3 it says:
config application listThis would stop logging for the 'Skype' entry in your AC list.
edit <listname>
config entries
edit <id>
set action pass
set log disable
...
end
next
end
OK, thanks. I can work with that. I appreciate the help!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.