Version: FortiGate-60C v5.0,build0208,130603 (GA Patch 3)
BIOS version: 04000027
Log hard disk: Available
Internal Switch mode: interface

According to your comment, I want to execute the command: execute report-config reset
I got an error:

    FGT_ # execute report-config reset
    command parse error before ' report-config'
    Command fail. Return code -61

What is wrong? Thanks for reply
> On FortiOS 5 you should enable extended-utm-log via CLI for each UTM profile to show your UTM logs, otherwise all UTM logs will be recognized as normal traffic logs

I'm confused about what the extended-utm-log setting does. By chance, I was talking to Fortinet tech support yesterday, and I think I understood them to tell me that, if I enable extended-utm-log in a web filter profile, then all URLs browsed will get logged. I want to avoid that both for volume and for employee privacy purposes. But are you saying that if I don't enable extended-utm-log, then I cannot get detailed reports on volumes of sites used? Thanks for clarifying.
> Is there a possibility of ignoring this warning?

Yes, as long as you type "end" after: config log disk setting ; set status enable

This is basically information that heavy logging can damage local flash - due to its nature - constant I/O on the disk does its job :) but that is common behaviour for this kind of memory. Point is that many FortiGate users/admins decided to log absolutely everything, every single java script and packets and all - in fact 99% of time - useless information. I saw a 60C device logging over 3 million logs per day - rather crazy. But in some cases it is understandable. Here I would suggest FortiAnalyzer. FortiCloud (200GB)

What kind of logs are logged can be seen in CLI:

    get log disk filter
    get log memory filter
    get log fortiguard filter
    get log setting

^^ can be configured (i.e. #config log disk filter)

When enabling extended-utm-enable in a UTM profile/sensor (AV, Webfilter, IPS...), more logging options will be available:

    config webfilter profile
        edit default
            set extended-utm-log enable
        next
    end

Here are the new logging options:

    log-all-url                   Enable/disable log all URLs visited.
    web-content-log               Enable/disable logging for web filter content blocking.
    web-filter-activex-log        Enable/disable logging for web script filtering on ActiveX.
    web-filter-command-block-log  Enable/disable logging for web filtering on command blocking.
    web-filter-cookie-log         Enable/disable logging for web script filtering on cookies.
    web-filter-applet-log         Enable/disable logging for web script filtering on Java applets.
    web-filter-jscript-log        Enable/disable logging for web script filtering on JScripts.
    web-filter-js-log             Enable/disable logging for web script filtering on Java scripts.
    web-filter-vbs-log            Enable/disable logging for web script filtering on VB scripts.
    web-filter-unknown-log        Enable/disable logging for web script filtering on unknown scripts.
    web-filter-referer-log        Enable/disable logging of web filter referer block.
    web-filter-cookie-removal-log Enable/disable logging of web filter cookie block.
    web-filter-sdns-action        Action to take for blocked domains.
    web-filter-sdns-portal        IP address of the SDNS portal.
    web-url-log                   Enable/disable logging for URL filtering.
    web-invalid-domain-log        Enable/disable logging for web filtering of invalid domain name.
    web-ftgd-err-log              enable logging for FortiGuard Web Filter rating errors
    web-ftgd-quota-usage          enable logging for FortiGuard Web Filter quota usage each day

Now, do you need to log all that? Not all, but some certainly. I.e. in FortiCloud > drilldown > it will show "No Data" for Web Activity, as this category in Drilldowns is based on Webfilter logs. Network Activity is based on traffic logs and UTM activity is based on... UTM logs (Security Profiles).

But I got too far here I see :) You can ignore the message received upon enabling logging to disk, but you can also reconsider.
livo
I know this post is old, but this may help other people...
I have a FG 90D with FortiOS 5.4.8 running, and I was facing a kind of similar problem.
I tried multiple commands for enabling disk logging, even memory logging, but after that I've had no luck finding the Local Report menu, and finally I found this:
In this version you should enable Local Report from:
System > Feature Select > Local Report
I hope this helps some people.
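
An added example, not code from any poster in this thread or from Fortinet: before choosing which of the logging options listed earlier to enable, it helps to measure which log categories actually dominate disk volume. The script below tallies lines per type/subtype from an exported log. The sample lines and their field values are constructed, and the key=value layout with `type` and `subtype` fields is an assumption about the export format.

```python
import re
from collections import Counter

# Constructed sample in key=value log style; not captured from a real device.
SAMPLE_LOG = """\
date=2013-06-10 time=09:00:01 type=traffic subtype=forward srcip=192.0.2.10 action=accept
date=2013-06-10 time=09:00:02 type=utm subtype=webfilter srcip=192.0.2.10 hostname="example.com" url="/search?q=type=traffic" action=passthrough
date=2013-06-10 time=09:00:02 type=utm subtype=webfilter srcip=192.0.2.11 hostname="example.org" url="/" action=passthrough
date=2013-06-10 time=09:00:03 type=utm subtype=webfilter srcip=192.0.2.11 hostname="example.net" url="/app.js" action=passthrough
date=2013-06-10 time=09:00:04 type=utm subtype=virus srcip=192.0.2.12 action=blocked
truncated line without any fields
"""

# A value is either a double-quoted string (may contain spaces and '=') or a bare token.
FIELD_RE = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def volume_by_category(lines):
    """Count log lines per (type, subtype); return the counts and the number of unparsable lines."""
    counts, skipped = Counter(), 0
    for line in lines:
        fields = parse_line(line)
        if "type" not in fields:
            skipped += 1  # truncated or foreign line: report it, do not guess
            continue
        counts[(fields["type"], fields.get("subtype", "-"))] += 1
    return counts, skipped


def report(counts):
    """Return (type, subtype, count, percent of total) rows, largest category first."""
    total = sum(counts.values())
    return [(t, s, n, round(100 * n / total, 1)) for (t, s), n in counts.most_common()]


if __name__ == "__main__":
    counts, skipped = volume_by_category(SAMPLE_LOG.splitlines())
    for t, s, n, pct in report(counts):
        print(f"{t}/{s}: {n} lines ({pct}%)")
    print(f"skipped: {skipped}")
```

Run it against an export taken before and after changing a profile's logging options to see what each option costs in log lines.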