log
Use the following commands to configure log settings.
log alert
Use this command to configure log based alert settings.
Syntax
config system log alert
set max-alert-count <integer>
end
Variable |
Description |
---|---|
max-alert-count <integer> |
Maximum number of alerts supported (100 - 50000, default = 10000). |
log device-disable
Use this command to disable the client device logging.
Syntax
config system log device-disable
edit <id>
set device <string>
set TTL <string>
end
Variable |
Description |
---|---|
<id> |
The device ID. |
device <string> |
The device ID to be used for disabling logging. Note: The device ID is not checked against the currently registered devices in the system. The entered device ID is ignored if no match is found. |
TTL <string> |
Set the duration for Time to Live (TTL). For instance, enter Supported units:
Leave the field unset for no expiration. Note: Do not input auto generated part from |
fos-policy-stats
Use this command to configure FortiOS policy statistics settings.
Syntax
config system log fos-policy-stats
set retention-days <integer>
set sampling-interval <integer>
set status{enable | disable}
end
Variable |
Description |
---|---|
retention-days <integer> |
The number of days that FortiOS policy stats are stored (60 - 1825, default = 365). |
sampling-interval <integer> |
The interval in which policy stats data are received from FortiOS devices, in minutes (5 - 1440, default = 60). |
status {enable | disable} |
Enable/disable FortiOS policy statistics feature (default = enable). |
log interface-stats
Use this command to configure log based interface statistics settings.
Syntax
config system log interface-stats
set billing-report {enable | disable}
set retention-days <integer>
set sampling-interval <integer>
set status {enable | disable}
end
Variable |
Description |
---|---|
billing-report {enable | disable} |
Enable/disable billing report feature (default = disable). |
retention-days <integer> |
The number of days that interface data are stored (0 - 2000, default = 100). |
sampling-interval <integer> |
The interval in which interface data are received from FortiGate devices, in seconds (300 - 86400, default = 1200). |
status {enable | disable} |
Enable/disable interface statistics (default = enable). |
log ioc
Use this command to configure log based IoC (Indicators of Compromise) settings.
Syntax
config system log ioc
set notification {enable | disable}
set notification-throttle <integer>
set rescan-max-runner <integer>
set rescan-run-at <integer>
set rescan-status {enable | disable}
set status {enable | disable}
end
Variable |
Description |
---|---|
notification {enable | disable} |
Enable/disable IoC notification (default = enable). |
notification-throttle <integer> |
Set the minute value for throttling the rate of IoC notifications (1 - 10080, default = 1440). |
rescan-max-runner <integer> |
Set the maximum number of concurrent IoC rescans (1 to CPU count, default = 8). |
rescan-run-at <integer> |
Set the hour of the day when IoC rescan runs (1 - 24, 0 = run immediately, default = 24). |
rescan-status {enable | disable} |
Enable/disable IoC rescan (default = enable). |
status {enable | disable} |
Enable/disable the IoC feature (default = enable). |
log mail-domain
Use this command to configure FortiMail domain settings.
Syntax
config system log mail-domain
edit <id>
set devices <string>
set domain <string>
set vdom <string>
end
Variable |
Description |
---|---|
<id> |
The ID of the FortiMail domain. |
devices <string> |
The device IDs for domain to VDOM mapping, separated by commas (default = All_FortiMails). For example: |
domain <string> |
The FortiMail domain. |
vdom <string> |
The VDOM name that is mapping to the FortiMail domain. |
log ratelimit
Use this command to log the rate limit.
Syntax
config system log ratelimit
set device-ratelimit-default <integer>
set mode {disable | manual}
set system-ratelimit <integer>
config ratelimits
edit id
set filter <string>
set filter-type {adom | devid}
set ratelimit <integer>
end
end
Variable |
Description |
---|---|
device-ratelimit-default <integer> |
The default maximum device log rate limit (default = 0). Note: This command is only available when the mode is set to |
mode {disable | manual} |
The logging rate limit mode (default = disable). In the manual mode, the system rate limit and the device rate limit both are configurable, no limit if not configured. |
system-ratelimit <integer> |
The maximum system log rate limit (default = 0). Note: This command is only available when the mode is set to |
ratelimits |
The device log rate limit. |
Variables for |
|
<id> |
The device id. |
filter <string> |
The device(s) or ADOM filter according to the filter-type setting. Note: Wildcard expression is supported. |
filter-type { adom | devid} |
The device filter type (default = devid):
|
ratelimit <integer> |
The maximum device log rate limit (default = 0). |
log settings
Use this command to configure settings for logs.
Syntax
config system log settings
set browse-max-logfiles <integer>
set device-auto-detect {enable | disable}
set dns-resolve-dstip {enable | disable}
set download-max-logs <integer>
set FAC-custom-field1 <string>
set FCH-custom-field1 <string>
set FCT-custom-field1 <string>
set FDD-custom-field1 <string>
set FGT-custom-field1 <string>
set FML-custom-field1 <string>
set FPX-custom-field1 <string>
set FSA-custom-field1 <string>
set FWB-custom-field1 <string>
set ha-auto-migrate {enable | disable}
set import-max-logfiles <integer>
set keep-dev-logs {enable | disable}
set log-file-archive-name {basic | extended}
set log-interval-dev-no-logging <interger>
set log-upload-interval-dev-no-logging <interval>
set sync-search-timeout <integer>
set unencrypted-logging {enable | disable}
config {rolling-regular | rolling-local | rolling-analyzer}
set days {fri | mon| sat | sun | thu | tue | wed}
set del-files {enable | disable}
set directory <string>
set file-size <integer>
set gzip-format {enable | disable}
set hour <integer>
set log-format {csv | native | text}
set min <integer>
set password <passwd>
set password2 <passwd>
set password3 <passwd>
set port <integer>
set port2 <integer>
set port3 <integer>
set rolling-upgrade-status <integer>
set server <string>
set server-type {ftp | scp | sftp}
set server2 <string>
set server3 <string>
set upload {enable | disable}
set upload-hour <integer>
set upload-mode {backup | mirror}
set upload-trigger {on-roll | on-schedule}
set username <string>
set username2 <string>
set username3 <string>
set when {daily | none | weekly}
end
end
Variable |
Description |
---|---|
browse-max-logfiles <integer> |
Maximum number of log files for each log browse attempt, per ADOM (default = 10000). |
device-auto-detect {enable | disable} |
Enable/disable looking up device ID in syslog received with no encryption (default = enable). |
dns-resolve-stip {enable | disable} |
Enable/disable resolving destination IP by DNS (default = disable). |
download-max-logs <integer> |
Maximum number of logs for each log download attempt (default = 100000). |
FAC-custom-field1 <string> |
Enter a name of the custom log field to index (character limit = 31). |
FCH-custom-field1 <string> |
Enter a name of the custom log field to index (character limit = 31). |
FCT-custom-field1 <string> |
Enter a name of the custom log field to index (character limit = 31). |
FDD-custom-field1 <string> |
Enter a name of the custom log field to index (character limit = 31). |
FGT-custom-field1 <string> |
Enter a name of the custom log field to index (character limit = 31). |
FML-custom-field1 <string> |
Enter a name of the custom log field to index (character limit = 31). |
FPX-custom-field1 <string> |
Enter a name of the custom log field to index (character limit = 31). |
FSA-custom-field1 <string> |
Enter a name of the custom log field to index (character limit = 31). |
FWB-custom-field1 <string> |
Enter a name of the custom log field to index (character limit = 31). |
ha-auto-migrate {enable | disable} |
Enabled/disable automatically merging HA member's logs to HA cluster (default = disable). |
import-max-logfiles <integer> |
Maximum number of log files for each log import attempt (default = 10000). |
keep-dev-logs {enable | disable} |
Enable/disable keeping the device logs after the device has been deleted (default = disable). |
log-file-archive-name {basic | extended} |
Log file name format for archiving.
|
log-interval-dev-no-logging <interger> |
Interval in minutes of no log received from a device when considering the device down (default = 15). |
log-upload-interval-dev-no-logging <interger> |
Interval in minutes of no log uploaded from a device when considering the device down (default = 360). |
sync-search-timeout <integer> |
The maximum amount of time that a log search session can run in synchronous mode, in seconds (1 - 86400, default = 60). |
unencrypted-logging {enable | disable} |
Enable/disable receiving syslog through UDP(514) or TCP(514) un-encrypted (default = disable). |
Variables for |
|
days {fri | mon| sat | sun | thu | tue | wed} |
Log files rolling schedule (days of the week). When |
del-files {enable | disable} |
Enable/disable log file deletion after uploading (default = disable). |
directory <string> |
The upload server directory (character limit = 127). |
file-size <integer> |
Roll log files when they reach this size, in megabytes (10 - 1000, default = 200). |
gzip-format {enable | disable} |
Enable/disable compression of uploaded log files (default = disable). |
hour <integer> |
The hour of the day that log files are rolled (0 - 23, default = 0). |
log-format {csv | native | text} |
Format of uploaded log files:
|
min <integer> |
The minute of the hour that log files are rolled (0 - 59, default = 0). |
password <passwd> password2 <passwd> password3 <passwd> |
Upload server log in passwords (character limit = 128). |
port <integer> port2 <integer> port3 <integer> |
Upload server IP port number. |
rolling-upgrade-status <integer> |
The rolling upgrade status. |
server <string> server2 <string> server3 <string> |
Upload server FQDN, IPv4, or IPv6 addresses. Configure up to three servers. |
server-type {ftp | scp | sftp} |
Upload server type (default = ftp). |
upload {enable | disable} |
Enable/disable log file uploads (default = disable). |
upload-hour <integer> |
The hour of the day that log files are uploaded (0 - 23, default = 0). |
upload-mode {backup | mirror} |
Configure upload mode with multiple servers. Servers are tried then used one after the other upon failure to connect.
|
upload-trigger {on-roll | on-schedule} |
Event triggering log files upload:
|
username <string> username2 <string> username3 <string> |
Upload server log in usernames (character limit = 35). |
when {daily | none | weekly} |
Roll log files periodically:
|
log topology
Use this command to configure settings for the logging topology.
Syntax
config system log topology
set max-depth <integer>
set max-depth-share <integer>
end
Variable |
Description |
---|---|
max-depth <integer> |
Maximum levels to descend from this device to get the logging topology information (0 - 32, default = 5). |
max-depth-share <integer> |
Maximum levels to descend from this device to share logging topology information with upstream (0 - 32, default = 5). |