Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.4.4 Handbook
    7.4.4
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring local log settings

    Configuring local log settings

    The local log is a datastore hosted on the FortiADC system.

    Typically, you use the local log to capture information about system health and system administration activities. We recommend that you use local logging during evaluation and verification of your initial deployment, and then configure remote logging to send logs to a log management repository where they can be stored long term and analyzed using preferred analytic tools.

    Local log disk settings are configurable. You can select a subset of system events, traffic, and security logs.

    Before you begin:
    • You must have Read-Write permission for Log & Report settings.
    To configure local log settings:
    1. Go to Log & Report > Log Setting.
      The configuration page displays the Local Log tab.
    2. Complete the configuration as described in Local logging configuration.
    3. Save the configuration.

    Local logging configuration
    Settings Guidelines
    Status Select to enable local logging.
    File Size Maximum disk space for a local log file. The default is 200 MB. When the current log file reaches this size, a new file is created.
    Log Level Select the lowest severity to log from the following choices:

    • Emergency—The system has become unstable.
    • Alert—Immediate action is required.
    • Critical—Functionality is affected.
    • Error—An error condition exists and functionality could be affected.
    • Warning—Functionality might be affected.
    • Notification—Information about normal events.
    • Information—General information about system operations.
    • Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior.

    For example, if you select Error, the system collects logs with level Error, Critical, Alert, and Emergency. If you select Alert, the system collects logs with level Alert and Emergency.
    Disk Full Select log behavior when the maximum disk space for local logs (30% of total disk space) is reached:

    • Overwrite—Continue logging. Overwrite the earliest logs.
    • No Log—Stop logging.
    Event Select to enable logging for events.
    Event Category
    This option becomes available only when the Event check box is selected. In that case, select the types of events to collect in the local log:

    • Configuration—Configuration changes.
    • Admin—Administrator actions.
    • System—System operations, warnings, and errors.
    • User—Authentication results logs.
    • Health Check—Health check results and client certificate validation check results.
    • SLB—Notifications, such as connection limit reached.
    • LLB—Notifications, such as bandwidth thresholds reached.
    • GLB—Notifications, such as the status of associated local SLB and virtual servers.
    • Firewall—Notifications for the "firewall" module, such as SNAT source IP pool is using all of its addresses.
    Traffic

    Select to enable logging for traffic processed by the load balancing modules.
    Traffic Category

    The following options become available only when the Traffic check-box is selected. See above.

    • SLB—Server Load Balancing traffic logs related to sessions and throughput.
    • GLB—Global Load Balancing traffic logs related to DNS requests.
    • LLB—Link Load Balancing traffic logs related to session and throughput.
    Security

    Select to enable logging for traffic processed by the security modules.
    Security Category
    • DoS—SYN flood protection logs.
    • IP Reputation—IP Reputation logs.
    • WAF—WAF logs.
    • GEO—Geo IP blocking logs.
    • AV—AV logs.
    • IPS—IPS logs
    • FW—Firewall logs
    • ZTNA—ZTNA logs
    • Enable All—All types of log mentioned above.
    Script

    Select to enable scripting.
    Script Category SLB is selected by default and required.
    Previous
    Next

    Configuring local log settings

    Configuring local log settings

    The local log is a datastore hosted on the FortiADC system.

    Typically, you use the local log to capture information about system health and system administration activities. We recommend that you use local logging during evaluation and verification of your initial deployment, and then configure remote logging to send logs to a log management repository where they can be stored long term and analyzed using preferred analytic tools.

    Local log disk settings are configurable. You can select a subset of system events, traffic, and security logs.

    Before you begin:
    • You must have Read-Write permission for Log & Report settings.
    To configure local log settings:
    1. Go to Log & Report > Log Setting.
      The configuration page displays the Local Log tab.
    2. Complete the configuration as described in Local logging configuration.
    3. Save the configuration.

    Local logging configuration
    Settings Guidelines
    Status Select to enable local logging.
    File Size Maximum disk space for a local log file. The default is 200 MB. When the current log file reaches this size, a new file is created.
    Log Level Select the lowest severity to log from the following choices:

    • Emergency—The system has become unstable.
    • Alert—Immediate action is required.
    • Critical—Functionality is affected.
    • Error—An error condition exists and functionality could be affected.
    • Warning—Functionality might be affected.
    • Notification—Information about normal events.
    • Information—General information about system operations.
    • Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior.

    For example, if you select Error, the system collects logs with level Error, Critical, Alert, and Emergency. If you select Alert, the system collects logs with level Alert and Emergency.
    Disk Full Select log behavior when the maximum disk space for local logs (30% of total disk space) is reached:

    • Overwrite—Continue logging. Overwrite the earliest logs.
    • No Log—Stop logging.
    Event Select to enable logging for events.
    Event Category
    This option becomes available only when the Event check box is selected. In that case, select the types of events to collect in the local log:

    • Configuration—Configuration changes.
    • Admin—Administrator actions.
    • System—System operations, warnings, and errors.
    • User—Authentication results logs.
    • Health Check—Health check results and client certificate validation check results.
    • SLB—Notifications, such as connection limit reached.
    • LLB—Notifications, such as bandwidth thresholds reached.
    • GLB—Notifications, such as the status of associated local SLB and virtual servers.
    • Firewall—Notifications for the "firewall" module, such as SNAT source IP pool is using all of its addresses.
    Traffic

    Select to enable logging for traffic processed by the load balancing modules.
    Traffic Category

    The following options become available only when the Traffic check-box is selected. See above.

    • SLB—Server Load Balancing traffic logs related to sessions and throughput.
    • GLB—Global Load Balancing traffic logs related to DNS requests.
    • LLB—Link Load Balancing traffic logs related to session and throughput.
    Security

    Select to enable logging for traffic processed by the security modules.
    Security Category
    • DoS—SYN flood protection logs.
    • IP Reputation—IP Reputation logs.
    • WAF—WAF logs.
    • GEO—Geo IP blocking logs.
    • AV—AV logs.
    • IPS—IPS logs
    • FW—Firewall logs
    • ZTNA—ZTNA logs
    • Enable All—All types of log mentioned above.
    Script

    Select to enable scripting.
    Script Category SLB is selected by default and required.
    Previous
    Next