I have a Fortigate 101F running v6.4.6. A 360GB drive that's 1% used. I've changed maximum-log-age to 365. However, under Log & Report -> Events, only 7 days of logs are shown. Below is my "log disk setting".
config log disk setting
set status enable
set ips-archive enable
set max-policy-packet-capture-size 100
set log-quota 0
set dlp-archive-quota 0
set report-quota 0
set maximum-log-age 365
set upload disable
set full-first-warning-threshold 75
set full-second-warning-threshold 90
set full-final-warning-threshold 95
set max-log-file-size 20
set roll-schedule daily
set roll-time 00:00
set diskfull overwrite
end
What could be the problem??
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You can switch between FortiCloud logs and Disk logs when you are viewing logs on the FortiGate. You do not need to disable FortiCloud logging. It might come in handy one day!
Hello,
By default older logs than "maximum-log-age" will be deleted. Could you please clarify whether you checked logs after a few days after configuration change or straight away?
Hi Team,
Please execute below commands in cli and share us the output:
diagnose sys logdisk usage
show system resource-limits
config wanopt storage
show full
We will check and keep you posted
I think I discovered the problem. I had set the unit to log to disk, and send logs to FortiCloud. Since I did not subscribe to hosted log retention, logs are only kept for 7 days in FortiCloud. When I tried to view logs on the unit itself, for some reason it only showed the last 7 days.
After changing the setting to not send logs to Forticloud, the unit now show log entries going back 1 year. The unit must have kept logs all this time, it just won't show it because of the send to FortiCloud setting.
Thank you both for responding to my post.
You can switch between FortiCloud logs and Disk logs when you are viewing logs on the FortiGate. You do not need to disable FortiCloud logging. It might come in handy one day!
Thanks for posting your observation.
It is helpful
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1519 | |
1019 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.