
UTM log saved locally on FG disk and all traffic log send to FAZ

Hi Experts,


I would like to save only UTM logs to the local disk and send all others to FAZ for further analysis.


I found a solution that sets the log disk filter to severity warning and uses the default for "log fortianalyzer setting", like this:

config log disk filter
    set severity warning
    set forward-traffic enable
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set anomaly enable
    set voip enable
    set dlp-archive enable
    set gtp enable
end



Is there a better way to do this?


Hey Lichong,


Instead of setting the severity to warning (as that will affect ALL logs, not just traffic logs), you could exclude traffic logs specifically with this:

#config log disk filter
#set forward-traffic disable
#end



Other traffic (such as user or system events) would still be logged even with severity below warning, this way. If you set severity warning, the FortiGate would exclude a lot of logs from the local disk, not just traffic logs (which by default are severity notice).

With the command I suggest above, you would exclude forward traffic specifically, but everything else would still be present.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

Hi Debbie,


Sorry for the delayed response.


I tested that before; it will affect the UTM log if "set forward-traffic" is set to disable.


Both the forwarding log and the UTM log are gone from the FG disk.

