Good afternoon, I need to implement the fortianalyzer, but my current log storage configuration seems to be misconfigured, my firewall is generating 40TB of logs per day, so it is not possible to store it on any device, is there any good practice or ideal filter than storing it in logs? I believe to be storing much more than is necessary due to the size.
currently the policies are configured to store only the security logs (before it was to record all the logs), but the size has not decreased.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
I'm sorry, but HUH ? How are you even being able to do that ?
Are you sure that isnt a GUI bug ?
What firmware are you running ?
Start by disabling logs on the rules between devices in different LAN segments or start doing more explicit rules.
Looks like the bulk of your logs are traffic logs. You may have a particularly chatty system or systems on your network generating lots of sessions and lots of logs. Can you go to FortiView Sources and sort by session count. That will show you what is generating most logs.
The log count might be correct in very large environment or the GUI is lying/wrong.
See from your policies if you need to log everything or may skip some.
See from the log settings if you need to log everything.
If you need the logs, then see whether your retention period is enough.
Logs are usually keeping evidence of things. If you need to look up stuff 30 days later, but your logs are rolled over/deleted, the logging is useless. So if 40 GB is correct, you require 40GBx days of retention period of disk space*2 in case you increase that portion.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.