Configuring local log settings
The local log is a data-store hosted on the FortiDDoS system. The local log disk configuration applies to the system event log.
Typically, you use the local log to capture information about system health and system administration activities, to verify that your configuration and tunings behave as expected, and to understand threats in recent traffic periods. It is both standard practice and best practice to send security log data to secure remote servers where it can be stored long term and analyzed using preferred analytic tools.
Local log disk settings are configurable. You can select a subset of system events. The DDoS attack log events are not configurable.
Before you begin:
- You must have Read-Write permission for Log & Report settings.
See also: Using the event log table, Using the DDoS attack log table.
To configure local log settings:
- Go to Log & Report > Log Configuration > Local Log Settings.
- Complete the configuration as described in the table below.
- Save the configuration.
Local log configuration page
Local logging configuration guidelines
Settings | Guidelines |
---|---|
Logging and Archiving | |
Log to Local Disk | Select to display settings to manage the disk used for logging. |
Minimum Log Level | Select the lowest severity to log from the following choices:
For example, if you select Error, the system collects logs with level Error, Critical, Alert, and Emergency. If you select Alert, the system collects logs with level Alert and Emergency. The log level setting applies to both system events and DDoS security events. Tip: To prolong disk life, do not collect notification, information, and debug level logs for long periods of time. |
File Size | Maximum disk space for local logs. The default is 500 MB. |
Disk full | Select log behavior when the maximum disk space for local logs is reached:
|
Event Logging | |
Event Logging | Select to enable event logging and then select the types of event category that you want included in the event log. |
CLI commands: config log setting local set loglevel notification set event-log-category configuration admin health_check system ha update default_gateway user spp_switching ir_update end |