log
Use the following commands to configure log settings.
log alert
Use this command to configure log based alert settings.
Syntax
    config system log alert
        set max-alert-count <integer>
    end

| Variable | Description |
|---|---|
| max-alert-count <integer> | Maximum number of alerts supported (100 - 50000, default = 10000). |
log device-disable
Use this command to disable the client device logging.
Syntax
    config system log device-disable
        edit <id>
            set device <string>
            set TTL <string>
    end

| Variable | Description |
|---|---|
| <id> | The device ID. |
| device <string> | The device ID to be used for disabling logging. Note: The device ID is not checked against the currently registered devices in the system. The entered device ID is ignored if no match is found. |
| TTL <string> | Set the duration for Time to Live (TTL). For instance, enter Supported units: Leave the field unset for no expiration. Note: Do not input auto generated part from |
log fos-policy-stats
Use this command to configure FortiOS policy statistics settings.
Syntax
    config system log fos-policy-stats
        set retention-days <integer>
        set sampling-interval <integer>
        set status {enable | disable}
    end

| Variable | Description |
|---|---|
| retention-days <integer> | The number of days that FortiOS policy stats are stored (60 - 1825, default = 365). |
| sampling-interval <integer> | The interval at which policy stats data are received from FortiOS devices, in minutes (5 - 1440, default = 60). |
| status {enable \| disable} | Enable/disable the FortiOS policy statistics feature (default = enable). |
log interface-stats
Use this command to configure log based interface statistics settings.
Syntax
    config system log interface-stats
        set billing-report {enable | disable}
        set retention-days <integer>
        set sampling-interval <integer>
        set status {enable | disable}
    end

| Variable | Description |
|---|---|
| billing-report {enable \| disable} | Enable/disable the billing report feature (default = disable). |
| retention-days <integer> | The number of days that interface data are stored (0 - 2000, default = 100). |
| sampling-interval <integer> | The interval at which interface data are received from FortiGate devices, in seconds (300 - 86400, default = 1200). |
| status {enable \| disable} | Enable/disable interface statistics (default = enable). |
log ioc
Use this command to configure log based IoC (Indicators of Compromise) settings.
Syntax
    config system log ioc
        set notification {enable | disable}
        set notification-throttle <integer>
        set rescan-max-runner <integer>
        set rescan-run-at <integer>
        set rescan-status {enable | disable}
        set status {enable | disable}
    end

| Variable | Description |
|---|---|
| notification {enable \| disable} | Enable/disable IoC notification (default = enable). |
| notification-throttle <integer> | Set the value, in minutes, for throttling the rate of IoC notifications (1 - 10080, default = 1440). |
| rescan-max-runner <integer> | Set the maximum number of concurrent IoC rescans (1 to CPU count, default = 8). |
| rescan-run-at <integer> | Set the hour of the day when the IoC rescan runs (1 - 24, 0 = run immediately, default = 24). |
| rescan-status {enable \| disable} | Enable/disable IoC rescan (default = enable). |
| status {enable \| disable} | Enable/disable the IoC feature (default = enable). |
log mail-domain
Use this command to configure FortiMail domain settings.
Syntax
    config system log mail-domain
        edit <id>
            set devices <string>
            set domain <string>
            set vdom <string>
    end

| Variable | Description |
|---|---|
| <id> | The ID of the FortiMail domain. |
| devices <string> | The device IDs for domain to VDOM mapping, separated by commas (default = All_FortiMails). For example: |
| domain <string> | The FortiMail domain. |
| vdom <string> | The VDOM name that is mapped to the FortiMail domain. |
log ratelimit
Use this command to configure logging rate limit settings.
Syntax
    config system log ratelimit
        set device-ratelimit-default <integer>
        set mode {disable | manual}
        set system-ratelimit <integer>
        config ratelimits
            edit <id>
                set filter <string>
                set filter-type {adom | devid}
                set ratelimit <integer>
            end
    end

| Variable | Description |
|---|---|
| device-ratelimit-default <integer> | The default maximum device log rate limit (default = 0). Note: This command is only available when the mode is set to |
| mode {disable \| manual} | The logging rate limit mode (default = disable). In manual mode, both the system rate limit and the device rate limit are configurable; a limit that is not configured is not enforced. |
| system-ratelimit <integer> | The maximum system log rate limit (default = 0). Note: This command is only available when the mode is set to |
| ratelimits | The device log rate limit. |
| Variables for | |
| <id> | The device ID. |
| filter <string> | The device(s) or ADOM filter, according to the filter-type setting. Note: Wildcard expressions are supported. |
| filter-type {adom \| devid} | The device filter type (default = devid): |
| ratelimit <integer> | The maximum device log rate limit (default = 0). |
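As an added configuration example (not taken from the FortiAnalyzer documentation), the following enables manual mode, caps the total rate the system accepts, and applies a tighter cap to a wildcard group of devices; the numeric limits and the FGT* device-ID prefix are assumed values, and the lines beginning with # are explanatory comments rather than CLI input:

```text
config system log ratelimit
    # the system and device limits below are only accepted once mode is manual
    set mode manual
    # overall cap on the log rate the system accepts (assumed value)
    set system-ratelimit 20000
    # cap for any device that no ratelimits entry matches (assumed value)
    set device-ratelimit-default 2000
    config ratelimits
        edit 1
            # match on device ID; wildcard expressions are supported
            set filter-type devid
            set filter "FGT*"
            # higher per-device cap for the matched group (assumed value)
            set ratelimit 5000
        end
end
```

A limit left at 0 is not enforced, so a system-ratelimit without a device-ratelimit-default lets one noisy device consume the whole budget of the system cap.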
log settings
Use this command to configure settings for logs.
Syntax
    config system log settings
        set browse-max-logfiles <integer>
        set device-auto-detect {enable | disable}
        set dns-resolve-dstip {enable | disable}
        set download-max-logs <integer>
        set FAC-custom-field1 <string>
        set FCH-custom-field1 <string>
        set FCT-custom-field1 <string>
        set FDD-custom-field1 <string>
        set FGT-custom-field1 <string>
        set FML-custom-field1 <string>
        set FPX-custom-field1 <string>
        set FSA-custom-field1 <string>
        set FWB-custom-field1 <string>
        set ha-auto-migrate {enable | disable}
        set import-max-logfiles <integer>
        set keep-dev-logs {enable | disable}
        set legacy-auth-mode {enable | disable}
        set log-file-archive-name {basic | extended}
        set log-interval-dev-no-logging <integer>
        set log-upload-interval-dev-no-logging <integer>
        set sync-search-timeout <integer>
        set unencrypted-logging {enable | disable}
        config {rolling-regular | rolling-local | rolling-analyzer}
            set days {fri | mon | sat | sun | thu | tue | wed}
            set del-files {enable | disable}
            set directory <string>
            set file-size <integer>
            set gzip-format {enable | disable}
            set hour <integer>
            set log-format {csv | native | text}
            set min <integer>
            set password <passwd>
            set password2 <passwd>
            set password3 <passwd>
            set port <integer>
            set port2 <integer>
            set port3 <integer>
            set rolling-upgrade-status <integer>
            set server <string>
            set server-type {ftp | scp | sftp}
            set server2 <string>
            set server3 <string>
            set upload {enable | disable}
            set upload-hour <integer>
            set upload-mode {backup | mirror}
            set upload-trigger {on-roll | on-schedule}
            set username <string>
            set username2 <string>
            set username3 <string>
            set when {daily | none | weekly}
        end
    end

| Variable | Description |
|---|---|
| browse-max-logfiles <integer> | Maximum number of log files for each log browse attempt, per ADOM (default = 10000). |
| device-auto-detect {enable \| disable} | Enable/disable looking up the device ID in syslog received with no encryption (default = enable). |
| dns-resolve-dstip {enable \| disable} | Enable/disable resolving the destination IP by DNS (default = disable). |
| download-max-logs <integer> | Maximum number of logs for each log download attempt (default = 100000). |
| FAC-custom-field1 <string> | Enter a name of the custom log field to index (character limit = 31). |
| FCH-custom-field1 <string> | Enter a name of the custom log field to index (character limit = 31). |
| FCT-custom-field1 <string> | Enter a name of the custom log field to index (character limit = 31). |
| FDD-custom-field1 <string> | Enter a name of the custom log field to index (character limit = 31). |
| FGT-custom-field1 <string> | Enter a name of the custom log field to index (character limit = 31). |
| FML-custom-field1 <string> | Enter a name of the custom log field to index (character limit = 31). |
| FPX-custom-field1 <string> | Enter a name of the custom log field to index (character limit = 31). |
| FSA-custom-field1 <string> | Enter a name of the custom log field to index (character limit = 31). |
| FWB-custom-field1 <string> | Enter a name of the custom log field to index (character limit = 31). |
| ha-auto-migrate {enable \| disable} | Enable/disable automatically merging an HA member's logs into the HA cluster (default = disable). |
| import-max-logfiles <integer> | Maximum number of log files for each log import attempt (default = 10000). |
| keep-dev-logs {enable \| disable} | Enable/disable keeping the device logs after the device has been deleted (default = disable). |
| legacy-auth-mode {enable \| disable} | Enable/disable the legacy mode of device authentication by username/password (default = enable). When disabled, FortiGate, FortiWeb, FortiMail, and other devices that connect through an OFTP connection must send the correct certificate that includes the device serial number in the Common Name field. If the correct certificate with the serial number is not sent, FortiAnalyzer fails the OFTP connection. |
| log-file-archive-name {basic \| extended} | Log file name format for archiving. |
| log-interval-dev-no-logging <integer> | Interval in minutes without any log received from a device after which the device is considered down (default = 15). |
| log-upload-interval-dev-no-logging <integer> | Interval in minutes without any log uploaded from a device after which the device is considered down (default = 360). |
| sync-search-timeout <integer> | The maximum amount of time that a log search session can run in synchronous mode, in seconds (1 - 86400, default = 60). |
| unencrypted-logging {enable \| disable} | Enable/disable receiving unencrypted syslog through UDP (514) or TCP (514) (default = disable). |
| Variables for | |
| days {fri \| mon \| sat \| sun \| thu \| tue \| wed} | Log file rolling schedule (days of the week). When |
| del-files {enable \| disable} | Enable/disable log file deletion after uploading (default = disable). |
| directory <string> | The upload server directory (character limit = 127). |
| file-size <integer> | Roll log files when they reach this size, in megabytes (10 - 1000, default = 200). |
| gzip-format {enable \| disable} | Enable/disable compression of uploaded log files (default = disable). |
| hour <integer> | The hour of the day at which log files are rolled (0 - 23, default = 0). |
| log-format {csv \| native \| text} | Format of uploaded log files: |
| min <integer> | The minute of the hour at which log files are rolled (0 - 59, default = 0). |
| password <passwd>, password2 <passwd>, password3 <passwd> | Upload server login passwords (character limit = 128). |
| port <integer>, port2 <integer>, port3 <integer> | Upload server IP port number. |
| rolling-upgrade-status <integer> | The rolling upgrade status. |
| server <string>, server2 <string>, server3 <string> | Upload server FQDN, IPv4, or IPv6 addresses. Configure up to three servers. |
| server-type {ftp \| scp \| sftp} | Upload server type (default = ftp). |
| upload {enable \| disable} | Enable/disable log file uploads (default = disable). |
| upload-hour <integer> | The hour of the day at which log files are uploaded (0 - 23, default = 0). |
| upload-mode {backup \| mirror} | Configure the upload mode with multiple servers. Servers are tried and then used one after the other upon failure to connect. |
| upload-trigger {on-roll \| on-schedule} | Event that triggers the log file upload: |
| username <string>, username2 <string>, username3 <string> | Upload server login usernames (character limit = 35). |
| when {daily \| none \| weekly} | Roll log files periodically: |
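As an added configuration example (not taken from the FortiAnalyzer documentation), the settings below keep the two transport-related defaults on their safe side and replace the default FTP upload with SFTP; the server name, port, account, directory and timing values are assumed placeholders, and the lines beginning with # are explanatory comments rather than CLI input:

```text
config system log settings
    # keep refusing plain-text syslog on UDP/TCP 514 (this is the default)
    set unencrypted-logging disable
    # require the device certificate with the serial number in the CN over OFTP
    # instead of username/password authentication
    set legacy-auth-mode disable
    # treat a device as down after 30 minutes without logs (assumed value)
    set log-interval-dev-no-logging 30
    config rolling-regular
        # roll daily at 01:00 (assumed schedule) or once a file reaches 200 MB
        set when daily
        set hour 1
        set min 0
        set file-size 200
        # upload each file as soon as it is rolled
        set upload enable
        set upload-trigger on-roll
        # sftp rather than the default ftp, so credentials and log data are not sent in clear text
        set server-type sftp
        set server "logarchive.example.com"
        set port 22
        set username "faz-upload"
        set password "REPLACE_WITH_UPLOAD_PASSWORD"
        set directory "/archive/fortianalyzer"
        set gzip-format enable
        # keep the local copy after upload (the default), so a failed upload does not lose logs
        set del-files disable
    end
end
```

Disabling legacy-auth-mode makes FortiAnalyzer fail the OFTP connection of any device that does not present a certificate carrying its serial number in the Common Name, so confirm that every registered device does before changing it.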
|
log topology
Use this command to configure settings for the logging topology.
Syntax
    config system log topology
        set max-depth <integer>
        set max-depth-share <integer>
    end

| Variable | Description |
|---|---|
| max-depth <integer> | Maximum number of levels to descend from this device to get the logging topology information (0 - 32, default = 5). |
| max-depth-share <integer> | Maximum number of levels to descend from this device to share logging topology information with upstream (0 - 32, default = 5). |