locallog
Use the following commands to configure local log settings.
locallog setting
Use this command to configure locallog logging settings.
Syntax
config system locallog setting
set log-interval-dev-no-logging <integer>
set log-interval-disk-full <integer>
set log-interval-gbday-exceeded <integer>
end
locallog disk setting
Use this command to configure the disk settings for uploading log files, including configuring the severity of log levels.
- status must be enabled to view diskfull, max-log-file-size and upload variables.
- upload must be enabled to view/set other upload* variables.
Syntax
config system locallog disk setting
set status {enable | disable}
set severity {emergency | alert | critical | error | warning | notification | information | debug}
set max-log-file-size <integer>
set roll-schedule {none | daily | weekly}
set roll-day <string>
set roll-time <hh:mm>
set diskfull {nolog | overwrite}
set log-disk-full-percentage <integer>
set upload {enable | disable}
set uploadip <ipv4_address>
set server-type {FAZ | FTP | SCP | SFTP}
set uploadport <integer>
set uploaduser <string>
set uploadpass <passwd>
set uploaddir <string>
set uploadtype <event>
set uploadzip {enable | disable}
set uploadsched {enable | disable}
set upload-time <hh:mm>
set upload-delete-files {enable | disable}
end
Example
In this example, the logs are uploaded to an upload server and are not deleted after they are uploaded.
config system locallog disk setting
set status enable
set severity information
set max-log-file-size 1000
set roll-schedule daily
set upload enable
set uploadip 10.10.10.1
set uploadport 443
set uploaduser myname2
set uploadpass 12345
set uploadtype event
set uploadzip enable
set uploadsched enable
set upload-time 06:45
set upload-delete-files disable
end
locallog filter
Use this command to configure filters for local logs. All keywords are visible only when event is enabled.
Syntax
config system locallog [memory | disk | fortianalyzer | fortianalyzer2 | fortianalyzer3 | syslogd | syslogd2 | syslogd3] filter
set devcfg {enable | disable}
set devops {enable | disable}
set diskquota {enable | disable}
set dm {enable | disable}
set dvm {enable | disable}
set ediscovery {enable | disable}
set epmgr {enable | disable}
set event {enable | disable}
set eventmgmt {enable | disable}
set faz {enable | disable}
set fazha {enable | disable}
set fazsys {enable | disable}
set fgd {enable | disable}
set fgfm {enable | disable}
set fips {enable | disable}
set fmgws {enable | disable}
set fmlmgr {enable | disable}
set fmwmgr {enable | disable}
set fortiview {enable | disable}
set glbcfg {enable | disable}
set ha {enable | disable}
set hcache {enable | disable}
set iolog {enable | disable}
set logd {enable | disable}
set logdb {enable | disable}
set logdev {enable | disable}
set logfile {enable | disable}
set logging {enable | disable}
set lrmgr {enable | disable}
set objcfg {enable | disable}
set report {enable | disable}
set rev {enable | disable}
set rtmon {enable | disable}
set scfw {enable | disable}
set scply {enable | disable}
set scrmgr {enable | disable}
set scvpn {enable | disable}
set system {enable | disable}
set webport {enable | disable}
end
Example
In this example, the local log filters are log and report manager, and system settings. Events in these areas of the FortiAnalyzer unit will be logged.
config system locallog filter
set event enable
set lrmgr enable
set system enable
end
locallog fortianalyzer (fortianalyzer2, fortianalyzer3) setting
Use this command to enable or disable, and select the severity threshold of, remote logging to the FortiAnalyzer units. You can configure up to three FortiAnalyzer devices.
The severity threshold required to forward a log message to the FortiAnalyzer unit is separate from event, syslog, and local logging severity thresholds.
Syntax
config system locallog [fortianalyzer | fortianalyzer2 | fortianalyzer3] setting
set reliable {enable | disable}
set secure-connection {enable | disable}
set server-ip <ipv4_address>
set severity {emergency | alert | critical | error | warning | notification | information | debug}
set status {disable | realtime | upload}
set upload-time <hh:mm>
end
Example
In this example, remote logging to the configured FortiAnalyzer unit is enabled. Events at the information level and higher, which is everything except debug level events, are sent to the FortiAnalyzer unit.
config system locallog fortianalyzer setting
set status enable
set severity information
end
locallog memory setting
Use this command to configure memory settings for local logging purposes.
Syntax
config system locallog memory setting
set diskfull {nolog | overwrite}
set severity {emergency | alert | critical | error | warning | notification | information | debug}
set status {enable | disable}
end
Variable | Description |
---|---|
diskfull {nolog \| overwrite} | Enter the action to take when the disk is full: |
severity {emergency \| alert \| critical \| error \| warning \| notification \| information \| debug} | Select the logging severity level (default = notification). The FortiAnalyzer unit logs all messages at and above the logging severity level you select. |
status {enable \| disable} | Enable/disable logging to the memory buffer (default = disable). |
Example
This example shows how to enable logging to memory for all events at the notification level and above. At this level of logging, only information and debug events will not be logged.
config system locallog memory setting
set severity notification
set status enable
end
locallog syslogd (syslogd2, syslogd3) setting
Use this command to configure the settings for logging to a syslog server. You can configure up to three syslog servers: syslogd, syslogd2 and syslogd3.
Syntax
config system locallog {syslogd | syslogd2 | syslogd3} setting
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
set severity {emergency | alert | critical | error | warning | notification | information | debug}
set status {enable | disable}
set syslog-name <string>
end
Variable | Description |
---|---|
csv {enable \| disable} | Enable/disable producing the log in comma separated value (CSV) format (default = disable). If you do not enable CSV format the FortiAnalyzer unit produces space separated log files. |
facility {alert \| audit \| auth \| authpriv \| clock \| cron \| daemon \| ftp \| kernel \| local0 \| local1 \| local2 \| local3 \| local4 \| local5 \| local6 \| local7 \| lpr \| mail \| news \| ntp \| syslog \| user \| uucp} | Enter the facility type (default = local7). The facility identifies the source of the log message to syslog. Change |
severity {emergency \| alert \| critical \| error \| warning \| notification \| information \| debug} | Select the logging severity level (default = notification). The FortiAnalyzer unit logs all messages at and above the logging severity level you select. |
status {enable \| disable} | Enable/disable logging to the remote syslog server (default = disable). |
syslog-name <string> | Enter the remote syslog server name. |
Use the show command to display the current configuration if it has been changed from its default value:
show system locallog syslogd setting
Example
In this example, the logs are uploaded to a syslog server at IPv4 address 10.10.10.8. The FortiAnalyzer unit is identified as facility local0.
config system locallog syslogd setting
set facility local0
set server 10.10.10.8
set status enable
set severity information
end
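Reviewing these settings across a saved configuration is easier with a small parser. The Python below is an added example, not part of the original reference or of any Fortinet tooling: it reads `config ... end` blocks in the syntax shown on this page and reports disk uploads that use FTP, FortiAnalyzer destinations without `secure-connection` enabled, and the severities each threshold leaves unrecorded. The function names and the sample configuration are assumptions made for the illustration.

```python
# Added example: function names are illustrative, keywords come from the syntax above.
SEVERITIES = ["emergency", "alert", "critical", "error",  # most severe first
              "warning", "notification", "information", "debug"]

def parse_blocks(text):
    """Map each 'config <path>' block to its {keyword: value} settings."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            current = blocks.setdefault(line[7:].strip(), {})
        elif line == "end":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].strip().partition(" ")
            current[key] = value.strip()
    return blocks

def dropped_levels(threshold):
    """Severities below the threshold, which the destination never records."""
    return SEVERITIES[SEVERITIES.index(threshold) + 1:]

def audit(text):
    """Return (block, finding) pairs for settings a reviewer should question."""
    findings = []
    for path, kv in parse_blocks(text).items():
        words = path.split()
        in_scope = words[:2] == ["system", "locallog"] and words[-1] == "setting"
        if not in_scope or kv.get("status") == "disable":
            continue  # another config tree, or a destination switched off
        if words[2] == "disk" and kv.get("upload") == "enable" and kv.get("server-type") == "FTP":
            findings.append((path, "upload over FTP sends uploaduser/uploadpass in cleartext"))
        if words[2].startswith("fortianalyzer") and kv.get("secure-connection") != "enable":
            findings.append((path, "secure-connection is not explicitly enabled"))
        if kv.get("severity") in SEVERITIES[:-1]:
            findings.append((path, "not recorded: " + ", ".join(dropped_levels(kv["severity"]))))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """config system locallog disk setting
set status enable
set severity information
set upload enable
set server-type FTP
end
config system locallog fortianalyzer setting
set status realtime
set secure-connection disable
set severity notification
end"""
```

Calling `audit(SAMPLE)` returns four findings, two per block; a destination whose status is `disable` is skipped entirely.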