Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Hank
New Contributor

logs older than 7 days

I have a Fortigate 101F running v6.4.6.  A 360GB drive that's 1% used.  I've changed maximum-log-age to 365.  However, under Log & Report -> Events, only 7 days of logs are shown.  Below is my "log disk setting".

 

config log disk setting
set status enable
set ips-archive enable
set max-policy-packet-capture-size 100
set log-quota 0
set dlp-archive-quota 0
set report-quota 0
set maximum-log-age 365
set upload disable
set full-first-warning-threshold 75
set full-second-warning-threshold 90
set full-final-warning-threshold 95
set max-log-file-size 20
set roll-schedule daily
set roll-time 00:00
set diskfull overwrite
end

 

What could be the problem??

 

1 Solution
gfleming

You can switch between FortiCloud logs and Disk logs when you are viewing logs on the FortiGate. You do not need to disable FortiCloud logging. It might come in handy one day!

 

gfleming_0-1673242871575.png

 

Cheers,
Graham

View solution in original post

5 REPLIES 5
abarushka
Staff
Staff

Hello,

 

By default older logs than "maximum-log-age" will be deleted. Could you please clarify whether you checked logs after a few days after configuration change or straight away?

FortiGate
seshuganesh
Staff
Staff

Hi Team,

 

Please execute below commands in cli and share us the output:

diagnose sys logdisk usage

show system resource-limits

config wanopt storage

show full

 

 

We will check and keep you posted

Hank

I think I discovered the problem.  I had set the unit to log to disk, and send logs to FortiCloud.  Since I did not subscribe to hosted log retention, logs are only kept for 7 days in FortiCloud.  When I tried to view logs on the unit itself, for some reason it only showed the last 7 days.

 

After changing the setting to not send logs to Forticloud, the unit now show log entries going back 1 year.  The unit must have kept logs all this time, it just won't show it because of the send to FortiCloud setting.

 

Thank you both for responding to my post.

 

 

gfleming

You can switch between FortiCloud logs and Disk logs when you are viewing logs on the FortiGate. You do not need to disable FortiCloud logging. It might come in handy one day!

 

gfleming_0-1673242871575.png

 

Cheers,
Graham
seshuganesh

Thanks for posting your observation.

It is helpful

Labels
Top Kudoed Authors