config log setting local
Use this command to configure basic log settings.
The local log is a datastore hosted on the FortiADC system.
Typically, you use the local log to capture information about system health and system administration activities. We recommend that you use local logging during evaluation and verification of your initial deployment, and then configure remote logging to send logs to a log management repository where they can be stored long term and analyzed using preferred analytic tools.
Local log disk settings are configurable. You can select a subset of system events, traffic, and security logs.
Before you begin:
- You must have read-write permission for log settings.
Syntax
config log setting local
set attack-log-cached-lines {0|100|500|800|1000|2000|5000|10000}
set attack-log-category {synflood ipreputation waf geo}
set attack-log-status {enable|disable}
set disk-full {overwrite | nolog}
set event-log-cached-lines {0|100|500|800|1000|2000|5000|10000}
set event-log-category {admin configuration fw glb health-check llb slb system user}
set event-log-status {enable|disable}
set loglevel {alert | critical | debug | emerge | error | information | notification | warning}
set rate_limit <integer>
set rotation-size <integer>
set status {enable|disable}
set traffic-log-cached-lines {0|100|500|800|1000|2000|5000|10000}
set traffic-log-category {slb | dns | llb}
set traffic-log-status {enable|disable}
set script-log-status {enable|disable}
set script-log-category {slb}
end
attack-log-cached-lines |
Limit the number of logs that are cached. The default is 0 (disabled). Valid multiples are 100, 500, 800, 1000, 2000, 5000, 10000. If 0, every generated log is written to disk immediately. If 1000, logs are written to disk in batches of 1000. |
attack-log-category |
|
attack-log-status |
Enable/disable logging for the category. |
disk-full |
Specify log behavior when the maximum disk space for local logs (30% of total disk space) is reached:
|
event-log-cached-lines |
Limit the number of logs that are cached. The default is 0 (disabled). Valid multiples are 100, 500, 800, 1000, 2000, 5000, 10000. If 0, every generated log is written to disk immediately. If 1000, logs are written to disk in batches of 1000. |
event-log-category |
Select the types of events to collect in the local log:
|
event-log-status |
Enable/disable logging for the category. |
loglevel |
Specify the lowest severity for which alerts are sent:
For example, if you select |
rate_limit |
Rate limit logging (logs/second). The default is 0 (disabled). |
rotation-size |
Maximum size for a local log file. The default is 200 MB. When the current log file reaches this size, a new file is created. |
status |
Enable/disable local logging. |
traffic-log-cached-lines |
Limit the number of logs that are cached. The default is 0 (disabled). Valid multiples are 100, 500, 800, 1000, 2000, 5000, 10000. If 0, every generated log is written to disk immediately. If 1000, logs are written to disk in batches of 1000. |
traffic-log-category |
|
traffic-log-status |
Enable/disable logging for the category. |
script-log-status |
Enable/disable script log. |
script-log-category |
Set script log category. |
Example
FortiADC-VM (root) # get log setting local
status : enable
rotation-size : 199
disk-full : overwrite
loglevel : information
event-log-status : enable
event-log-category : configuration admin health_check system user slb llb glb fw
traffic-log-status : enable
traffic-log-category : slb dns
attack-log-status : enable
attack-log-category : synflood ipreputation waf geo
script-log-status : enable
script-log-category : slb
event-log-cached-lines : 0
traffic-log-cached-lines : 0
attack-log-cached-lines : 0
rate_limit : 0