Storing logs Log&Report
FortiGate Version 4.0 Administration Guide
654 01-400-89802-20090424
http://docs.fortinet.com/ • Feedback
5 Select one of the following:
6 Select a severity level.
7 Select Apply.
Logging to memory
The FortiGate system memory has a limited capacity for log messages. The FortiGate
system memory displays only the most recent log entries. It does not store traffic and
content logs in system memory due to their size and the frequency of log entries. When
the system memory is full, the FortiGate unit overwrites the oldest messages. All log
entries are cleared when the FortiGate unit restarts.
If your FortiGate unit has a hard disk, use the CLI to enable logging to it. You can also
upload logs stored on the hard disk to a FortiAnalyzer unit. For more information, see the
FortiGate CLI Reference.
To configure the FortiGate unit to save logs in memory
1 Go to Log&Report > Log Config > Log Setting.
2 Select the check box beside Memory.
3 Select the Expand Arrow beside the check box to reveal the available Memory options.
4 Select a severity level.
The FortiGate unit logs all messages at and above the logging severity level you
select. For more information about the logging levels, see Table 55, “Log severity
levels,” on page 649.
Logging to a Syslog server
A Syslog server is a remote computer running Syslog software and is an industry standard
for logging. Syslog is used to capture log information provided by network devices. The
Syslog server is both a convenient and flexible logging device, since any computer
system, such as Linux, Unix, and Intel-based Windows can run syslog software.
When configuring logging to a Syslog server, you need to configure the facility and log file
format, normal or Comma Separated Values (CSV). The CSV format contains commas
whereas the normal format contains spaces. Logs saved in the CSV file format can be
viewed in a spread-sheet application, while logs saved in normal format are viewed in a
text editor (such as Notepad) because they are saved as plain text files.
Configuring a facility easily identifies the device that recorded the log file.
Overwrite oldest
logs
Deletes the oldest log entry and continues logging when the maximum log
disk space is reached.
Do not log Stops log messages going to the FortiGuard Analysis server when the
maximum log disk space is reached.
Note: You can configure logging to an AMC disk and schedule when to upload logs to a
FortiAnalyzer unit.
The AMC disk is available on FortiGate models with a single-width AMC slot such as the
310B, 620B, 3600A, 3016B, 3810A and 5001A-SW.
To Next Page
Loading...