jerri
New Contributor

no log using FortiGate-60D v5.0,build4162,130326 (GA)

Dear All, I'm using FortiGate-60D v5.0,build4162,130326 (GA) but in the log menu there are no logs at all, for forward traffic, invalid traffic, UTM traffic. FYI: I already checked the logging in the firewall policy. Can anyone help me? Thanks, Jerri
jerri
New Contributor

FGT60D4613027843 # get sys status
Version: FortiGate-60D v5.0,build4162,130326 (GA)
Virus-DB: 20.00255(2013-10-04 19:19)
Extended DB: 20.00255(2013-10-04 19:21)
IPS-DB: 4.00396(2013-10-02 22:59)
IPS-ETDB: 0.00000(2001-01-01 00:00)
Serial-Number: FGT60D4613027843
Botnet DB: 1.00264(2013-10-06 11:39)
BIOS version: 04000014
System Part-Number: P12397-02
Log hard disk: Not available
Internal Switch mode: switch
Hostname: FGT60D4613027843
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 179
Release Version Information: GA
System time: Wed Feb 12 15:16:00 2014
FGT60D4613027843 #
ede_pfau
SuperUser

hi, and welcome to the forums. Logging to memory is disabled by default on the smaller FGTs. You posted your HW config showing that the 60D has no logging disk. Nonetheless it can log into memory (10% of the built-in RAM, i.e. 100 MB) if you activate it in the CLI: use the Console widget to enter
config log memory setting
 set status enable
 end
Please check the (many) options in 'config log memory filter' to enable the different log sources. You get a more complete picture of these commands from the 'CLI Reference' on docs.fortinet.com. Actually, there are WebGUI controls for this but they are disabled by default. One hint though: your FGT is running 5.0.0; get the latest patch release 5.0.6 (v5 MR 0 patch 6) from support.fortinet.com and upgrade, it's worth it in terms of stability and resource consumption.

Ede


"Kernel panic: Aiee, killing interrupt handler!"
jerri
New Contributor

hi Ede, in my Fortigate 60D, I can't find the command
config log memory setting
 set status enable
 end
Any suggestion? Thanks, Jerri
Dipen
New Contributor III

Fortigate does not have a Disk so you have to Log to Memory. Memory Logging only shows Real-time logs; there will be no historic logs. My suggestion is to keep logging disabled and enable it only at the time of Troubleshooting.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

ede_pfau
SuperUser

OK, it's in the CLI Reference for FortiOS v5, pg. 295. I'll try to enclose a screen shot.

Ede


"Kernel panic: Aiee, killing interrupt handler!"
jerri
New Contributor

Hi Ede, thanks for your help, but I can't find the same command as in the manual. Please see my FortiGate 60D attachment.
Dave_Hall
Honored Contributor

Perhaps you need to upgrade the firmware on the 60D. I know disk logging was disabled (possibly even removed) on the initial 5.0.x release for 60D, but was brought back in either 5.0.3 or higher firmware. (Going to take a guess and say logging to memory was also removed/disabled on the initial firmware release, but may have been restored in a later firmware release.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

AndreaSoliva
Contributor III

Hi,

you should at least upgrade your device, because your version "build 4162" indicates that you are using a "Branch Release", which means it is an interim release, NOT AN OFFICIAL release. This sometimes happens when you receive new FortiGates. From this point of view please upgrade (I would recommend 5.0.6, it runs well). If it is possible I would recommend staging the Forti completely new. This means starting the Forti over the console and stopping the boot process (Press any key to display configuration menu...):

FortiGate-60 (root) #
FGT60 (11:24-04.25.2005)
Ver:04000000
Serial number:FGT-101101101100
RAM activation
Total RAM: 128MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 30MB.
Press any key to display configuration menu...

You will see a menu like:

[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.

!!!!!!!!!!!!!!ATTENTION: YOU WILL LOSE EVERY CONFIGURATION!!!!!!!!!!!!!!!

Format your device with "F" or choose "Format boot device":

Enter G,F,Q,or H: F
All data will be erased,continue:[Y/N]?
Formatting boot device...
...............
Format boot device completed.

After that you use a TFTP server on your laptop with an IP configured. The IP and the subnet you are using on your laptop must fit the TFTP configuration on the FortiGate. A 60D has a different BIOS menu, which means choose:

Review TFTP Parameters

If you configured your laptop with the TFTP server running (if you do not have one use http://www.solarwinds.com/products/freetools/free_TFTP_server.aspx) you can choose:

: Initiate TFTP firmware transfer

or

: Get firmware image from TFTP server

Look at the menu on the screen because it indicates to which port you have to connect the RJ-45 cable that goes from the laptop to the FortiGate.

As soon as you see the following, the firmware is transferred:

Enter firmware image file name [image.out]:
############
Total 13547047 bytes data downloaded.
Verifying the integrity of the firmware image.
Total 28000kB unzipped.

If the firmware is transferred the following will be shown:

Save as Default firmware/Run image without saving:[Choose "D" for default to be booted]

It takes some time but at last you will see the login. Log in to the device with admin and no password. Now you have to format your disk because a 60D HAS A DISK. Actually it is a Flash Disk. To format, use:

# execute formatlogdisk

Answer yes and a reboot will be done. After you come up again use the following:

# get system status

You will see an entry with "Disk available"! Now configure the "global" log function with:

# config log setting
(setting) # get
brief-traffic-format: disable
daemon-log : disable
fwpolicy-implicit-log: enable
fwpolicy6-implicit-log: disable
gui-location : disk
local-in-allow : disable
local-in-deny : enable
local-out : disable
log-invalid-packet : disable
log-user-in-upper : disable
neighbor-event : disable
resolve-apps : enable
resolve-hosts : enable
resolve-ip : disable
resolve-port : enable
user-anonymize : disable
(setting) #

If you would like to configure logging to disk, set at least:

# set gui-location disk
# end

After that check that every log possibility is set to "disable" except for disk, which means:

# config log fortiguard setting
# set status disable
# end
# config log memory setting
# set status disable
# end
# config log syslogd setting
# set status disable
# end
# config log fortianalyzer setting
# set status disable
# end

Normally all are set to "disable". Now activate logging to disk:

# config log disk setting
# set status enable
# end

Now you can configure "Log all sessions" on a Policy Rule in the GUI. Be careful with logging to the disk. FortiGate is using Flash as disk and heavy logging to disk is not really recommended. Flash does not really like heavy writing processes etc.

Recommended -if possible- is actually "memory" logging. This means 10% of the memory is used to log. If the 10% is full the log space is deleted and overwritten etc.

Have fun
Andrea
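A way to check, from a saved configuration and the `get sys status` output, which of the log destinations discussed in this thread are actually enabled. This is an added example, not part of the original posts; the sample configuration is constructed and the backup-style layout it parses is an assumption.

```python
import re

# Destinations named in the thread: config log <dest> setting
DESTINATIONS = ("disk", "memory", "syslogd", "fortianalyzer", "fortiguard")
BLOCK_RE = re.compile(r"^[ \t]*config log (\w+) setting[ \t]*$(.*?)^[ \t]*end[ \t]*$",
                      re.MULTILINE | re.DOTALL)
STATUS_RE = re.compile(r"^[ \t]*set status (enable|disable)[ \t]*$", re.MULTILINE)

# Constructed sample input (hypothetical backup excerpt, not from the thread).
SAMPLE_CONFIG = """\
config log memory setting
    set status disable
end
config log disk setting
    set status enable
end
"""
# Two lines as they appear in the 'get sys status' output posted above.
SAMPLE_STATUS = "Version: FortiGate-60D v5.0,build4162,130326 (GA)\nLog hard disk: Not available\n"


def has_log_disk(status_text):
    """True unless 'get sys status' reports 'Log hard disk: Not available'."""
    m = re.search(r"^Log hard disk:[ \t]*(.+)$", status_text, re.MULTILINE)
    return bool(m) and m.group(1).strip().lower() != "not available"


def log_destinations(config_text):
    """Map each destination to 'enable', 'disable' or 'unset' (left at default)."""
    result = {dest: "unset" for dest in DESTINATIONS}
    for dest, body in BLOCK_RE.findall(config_text):
        status = STATUS_RE.search(body)
        if dest in result and status:
            result[dest] = status.group(1)
    return result


def audit(config_text, status_text):
    """Return (enabled destinations, findings) for one device."""
    enabled = [d for d, s in log_destinations(config_text).items() if s == "enable"]
    findings = []
    if not enabled:
        findings.append("no log destination enabled: log views stay empty")
    if "disk" in enabled and not has_log_disk(status_text):
        findings.append("disk logging enabled but no log disk is available")
    if enabled == ["memory"]:
        findings.append("memory only: oldest entries are overwritten when full")
    return enabled, findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_STATUS))
```

A destination reported as "unset" has no explicit `set status` line in the text being parsed, so it is not counted as enabled.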
jerri
New Contributor

Hi Andre, thanks for your help. Can I upgrade the device without formatting the device? Because right now the device is a live device and the location is very, very far away from town. Thanks, Jerri