locallog
Use the following commands to configure local log settings.
locallog setting
Use this command to configure locallog logging settings.
Syntax
config system locallog setting
set log-interval-dev-no-logging <integer>
set log-interval-disk-full <integer>
set log-interval-gbday-exceeded <integer>
end
|
Variable |
Description |
|---|---|
|
log-interval-dev-no-logging <integer> |
Interval for logging the event of no logs received from a device, in minutes (default = 1400). |
|
log-interval-disk-full <integer> |
Interval for logging the event of disk full, in minutes (default = 5). |
|
log-interval-gbday-exceeded <integer> |
Interval for logging the event of the GB/Day license exceeded, in minutes (default = 1400). |
locallog disk setting
Use this command to configure the disk settings for uploading log files, including configuring the severity of log levels.
-
statusmust be enabled to viewdiskfull,max-log-file-sizeanduploadvariables. -
uploadmust be enabled to view/set otherupload*variables.
Syntax
config system locallog disk setting
set status {enable | disable}
set severity {emergency | alert | critical | error | warning | notification | information | debug}
set max-log-file-size <integer>
set roll-schedule {none | daily | weekly}
set roll-day <string>
set roll-time <hh:mm>
set diskfull {nolog | overwrite}
set log-disk-full-percentage <integer>
set upload {enable | disable}
set uploadip <ipv4_address>
set server-type {FAZ | FTP | SCP | SFTP}
set uploadport <integer>
set uploaduser <string>
set uploadpass <passwd>
set uploaddir <string>
set uploadtype <event>
set uploadzip {enable | disable}
set uploadsched {enable | disable}
set upload-time <hh:mm>
set upload-delete-files {enable | disable}
end
|
Variable |
Description |
|---|---|
|
status {enable | disable} |
Enable/disable logging to the local disk (default = enable) |
|
severity {emergency | alert | critical | error | warning | notification | information | debug } |
Select the logging severity level. The FortiAnalyzer unit logs all messages at and above the logging severity level you select.
|
|
max-log-file-size <integer> |
Enter the size at which the log is rolled, in megabytes (1 - 1024, default = 100). |
|
roll-schedule {none | daily | weekly} |
Enter the period for the scheduled rolling of a log file:
|
|
roll-day {sunday | monday | tuesday | wednesday | thursday | friday | saturday} |
Enter the day for the scheduled rolling of a log file (default = sunday). |
|
roll-time <hh:mm> |
Enter the time for the scheduled rolling of a log file. |
|
diskfull {nolog | overwrite} |
Enter action to take when the disk is full:
|
|
log-disk-full-percentage <integer> |
Enter the percentage at which the log disk will be considered full (50 - 90, default = 80). |
|
upload {enable | disable} |
Enable/disable uploading of logs when rolling log files (default = disable). |
|
uploadip <ipv4_address> |
Enter IPv4 address of the destination server. |
|
server-type {FTP | SCP | SFTP} |
Enter the server type to use to store the logs:
|
|
uploadport <integer> |
Enter the port to use when communicating with the destination server (1 - 65535, default = 0). |
|
uploaduser <string> |
Enter the user account on the destination server. |
|
uploadpass <passwd> |
Enter the password of the user account on the destination server (character limit = 127). |
|
uploaddir <string> |
Enter the destination directory on the remote server. |
|
uploadtype <event> |
Enter to upload the event log files (default = event). |
|
uploadzip {enable | disable} |
Enable to compress uploaded log files (default = disable). |
|
uploadsched {enable | disable} |
Enable to schedule log uploads (default = disable). |
|
upload-time <hh:mm> |
Enter to configure when to schedule an upload. |
|
upload-delete-files {enable | disable} |
Enable/disable deleting log files after uploading (default = enable). |
Example
In this example, the logs are uploaded to an upload server and are not deleted after they are uploaded.
config system locallog disk setting
set status enable
set severity information
set max-log-file-size 1000MB
set roll-schedule daily
set upload enable
set uploadip 10.10.10.1
set uploadport port 443
set uploaduser myname2
set uploadpass 12345
set uploadtype event
set uploadzip enable
set uploadsched enable
set upload-time 06:45
set upload-delete-file disable
end
locallog filter
Use this command to configure filters for local logs. All keywords are visible only when event is enabled.
Syntax
config system locallog [memory | disk | fortianalyzer | fortianalyzer2 | fortianalyzer3 | syslogd | syslogd2 | syslogd3] filter
set aid {enable | disable}
set devcfg {enable | disable}
set devops {enable | disable}
set diskquota {enable | disable}
set dm {enable | disable}
set docker {enable | disable}
set dvm {enable | disable}
set ediscovery {enable | disable}
set epmgr {enable | disable}
set event {enable | disable}
set eventmgmt {enable | disable}
set faz {enable | disable}
set fazha {enable | disable}
set fazsys {enable | disable}
set fgd {enable | disable}
set fgfm {enable | disable}
set fips {enable | disable}
set fmgws {enable | disable}
set fmlmgr {enable | disable}
set fmwmgr {enable | disable}
set fortiview {enable | disable}
set glbcfg {enable | disable}
set ha {enable | disable}
set hcache {enable | disable}
set incident {enable | disable}
set iolog {enable | disable}
set logd {enable | disable}
set logdb {enable | disable}
set logdev {enable | disable}
set logfile {enable | disable}
set logging {enable | disable}
set lrmgr {enable | disable}
set objcfg {enable | disable}
set report {enable | disable}
set rev {enable | disable}
set rtmon {enable | disable}
set scfw {enable | disable}
set scply {enable | disable}
set scrmgr {enable | disable}
set scvpn {enable | disable}
set system {enable | disable}
set webport {enable | disable}
end
|
Variable |
Description |
|---|---|
|
aid {enable | disable} |
Enable/disable configuring aid messages (default = enable). |
|
devcfg {enable | disable} |
Enable/disable logging device configuration messages (default = enable). |
|
devops {enable | disable} |
Enable/disable managed device's operations messages (default = enable). |
|
diskquota {enable | disable} |
Enable/disable logging FortiAnalyzer disk quota messages (default = enable). |
|
dm {enable | disable} |
Enable/disable logging deployment manager messages (default = enable). |
|
docker {enable | disable} |
Enable/disable docker application generic messages (default = enable). |
|
dvm {enable | disable} |
Enable/disable logging device manager messages (default = enable). |
|
ediscovery {enable | disable} |
Enable/disable logging device manager messages (default = enable). |
|
epmgr {enable | disable} |
Enable/disable logging endpoint manager messages (default = enable). |
|
event {enable | disable} |
Enable/disable configuring log filter messages (default = enable). |
|
eventmgmt {enable | disable} |
Enable/disable logging FortiAnalyzer event handler messages (default = enable). |
|
faz {enable | disable} |
Enable/disable logging FortiAnalyzer messages (default = enable). |
|
fazha {enable | disable} |
Enable/disable logging FortiAnalyzer messages (default = enable). |
|
fazsys {enable | disable} |
Enable/disable logging FortiAnalyzer HA system messages (default = enable). |
|
fgd {enable | disable} |
Enable/disable logging FortiGuard service messages (default = enable). |
|
fgfm {enable | disable} |
Enable/disable logging FortiGate/FortiManager communication protocol messages (default = enable). |
|
fips {enable | disable} |
Enable/disable logging FIPS messages (default = enable). |
|
fmgws {enable | disable} |
Enable/disable logging web service messages (default = enable). |
|
fmlmgr {enable | disable} |
Enable/disable logging FortiMail manager messages (default = enable). |
|
fmwmgr {enable | disable} |
Enable/disable logging firmware manager messages (default = enable). |
|
fortiview {enable | disable} |
Enable/disable logging FortiAnalyzer FortiView messages (default = enable). |
|
glbcfg {enable | disable} |
Enable/disable logging global database messages (default = enable). |
|
ha {enable | disable} |
Enable/disable logging high availability activity messages (default = enable). |
|
hcache {enable | disable} |
Enable/disable logging hcache messages (default = enable). |
|
incident {enable | disable} |
Enable/disable logging FortiAnalyzer incident messages (default = enable). |
|
iolog {enable | disable} |
Enable/disable input/output log activity messages (default = enable). |
|
logd {enable | disable} |
Enable/disable logd messages (default = enable). |
|
logdb {enable | disable} |
Enable/disable logging FortiAnalyzer log DB messages (default = enable). |
|
logdev {enable | disable} |
Enable/disable logging FortiAnalyzer log device messages (default = enable). |
|
logfile {enable | disable} |
Enable/disable logging FortiAnalyzer log file messages (default = enable). |
|
logging {enable | disable} |
Enable/disable logging FortiAnalyzer logging messages (default = enable). |
|
lrmgr {enable | disable} |
Enable/disable logging log and report manager messages (default = enable). |
|
objcfg {enable | disable} |
Enable/disable logging object configuration (default = enable). |
|
report {enable | disable} |
Enable/disable logging FortiAnalyzer report messages (default = enable). |
|
rev {enable | disable} |
Enable/disable logging revision history messages (default = enable). |
|
rtmon {enable | disable} |
Enable/disable logging real-time monitor messages (default = enable). |
|
scfw {enable | disable} |
Enable/disable logging firewall objects messages (default = enable). |
|
scply {enable | disable} |
Enable/disable logging policy console messages (default = enable). |
|
scrmgr {enable | disable} |
Enable/disable logging script manager messages (default = enable). |
|
scvpn {enable | disable} |
Enable/disable logging VPN console messages (default = enable). |
|
system {enable | disable} |
Enable/disable logging system manager messages (default = enable). |
|
webport {enable | disable} |
Enable/disable logging web portal messages (default = enable). |
Example
In this example, the local log filters are log and report manager, and system settings. Events in these areas of the FortiAnalyzer unit will be logged.
config system locallog filter
set event enable
set lrmgr enable
set system enable
end
locallog fortianalyzer (fortianalyzer2, fortianalyzer3) setting
Use this command to enable or disable, and select the severity threshold of, remote logging to the FortiAnalyzer units. You can configure up to three FortiAnalyzer devices.
The severity threshold required to forward a log message to the FortiAnalyzer unit is separate from event, syslog, and local logging severity thresholds.
Syntax
config system locallog {fortianalyzer | fortianalyzer2 | fortianalyzer3} setting
set reliable {enable | disable}
set secure-connection {enable | disable}
set server <address>
set severity {emergency | alert | critical | error | warning | notification | information | debug}
set status {disable | realtime | upload}
set upload-time <hh:mm>
end
|
Variable |
Description |
|---|---|
|
reliable {enable | disable} |
Enable/disable reliable realtime logging (default = disable). |
|
secure-connection {enable | disable} |
Enable/disable connection secured by TLS/SSL (default = disable). This variable is available when |
|
server <address> |
Remote FortiAnalyzer server IP address, FQDN, or hostname. |
|
severity {emergency | alert | critical | error | warning | notification | information | debug } |
Select the logging severity level (default = notification). The FortiAnalyzer unit logs all messages at and above the logging severity level you select. |
|
status {disable | realtime | upload} |
Set the log to FortiAnalyzer status:
|
|
upload-time <hh:mm> |
Set the time to upload local log files (default = 00:00). |
Example
You might enable remote logging to the FortiAnalyzer unit configured. Events at the information level and higher, which is everything except debug level events, would be sent to the FortiAnalyzer unit.
config system locallog fortianalyzer setting
set status enable
set severity information
end
locallog memory setting
Use this command to configure memory settings for local logging purposes.
Syntax
config system locallog memory setting
set diskfull {nolog | overwrite}
set severity {emergency | alert | critical | error | warning | notification | information | debug}
set status <enable | disable>
end
|
Variable |
Description |
|---|---|
|
diskfull {nolog | overwrite} |
Enter the action to take when the disk is full:
|
|
severity {emergency | alert | critical | error | warning | notification | information | debug} |
Select the logging severity level (default = notification). The FortiAnalyzer unit logs all messages at and above the logging severity level you select. |
|
status <enable | disable> |
Enable/disable logging to the memory buffer (default = disable). |
Example
This example shows how to enable logging to memory for all events at the notification level and above. At this level of logging, only information and debug events will not be logged.
config system locallog memory
set severity notification
set status enable
end
locallog syslogd (syslogd2, syslogd3) setting
Use this command to configure the settings for logging to a syslog server. You can configure up to three syslog servers: syslogd, syslogd2 and syslogd3.
Syntax
config system locallog {syslogd | syslogd2 | syslogd3} setting
set cert {Fortinet_Local | Fortinet_Local2}
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
set reliable {enable | disable}
set secure-connection {enable | disable}
set severity {emergency | alert | critical | error | warning | notification | information | debug}
set status {enable | disable}
set syslog-name <string>
end
|
Variable |
Description |
|---|---|
|
cert {Fortinet_Local | Fortinet_Local2} |
Select local certificate used for secure connection. |
|
csv {enable | disable} |
Enable/disable producing the log in comma separated value (CSV) format (default = disable). If you do not enable CSV format the FortiAnalyzer unit produces space separated log files. |
|
facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp} |
Enter the facility type (default = local7). The facility identifies the source of the log message to syslog. Change |
|
reliable {enable | disable} |
Enable/disable reliable real time logging (default = disable). |
|
secure-connection {enable | disable} |
Enable/disable connection secured by TLS/SSL (default = disable). This variable is available only when |
|
severity {emergency | alert | critical | error | warning | notification | information | debug} |
Select the logging severity level (default = notification). The FortiAnalyzer unit logs all messages at and above the logging severity level you select. |
|
status {enable | disable} |
Enable/disable logging to the remote syslog server (default = disable). |
|
syslog-name <string> |
Enter the remote syslog server name. To configure a syslog server, use the |
Use the show command to display the current configuration if it has been changed from its default value:
show system locallog syslogd setting
Example
In this example, the logs are uploaded to a previously configured syslog server named logstorage. The FortiAnalyzer unit is identified as facility local0.
config system locallog syslogd setting
set facility local0
set syslog-name logstorage
set status enable
set severity information
end