Configuring local log settings

The local log is a data-store hosted on the FortiDDoS system. The local log disk configuration applies to the system event log.

Typically, you use the local log to capture information about system health and system administration activities, to verify that your configuration and tunings behave as expected, and to understand threats in recent traffic periods. It is both standard practice and best practice to send security log data to secure remote servers where it can be stored long term and analyzed using preferred analytic tools.

Local log disk settings are configurable. You can select a subset of system events. The DDoS attack log events are not configurable.

Before you begin:

  • You must have Read-Write permission for Log & Report settings.

See also: Using the event log table, Using the DDoS attack log table.

To configure local log settings:
  1. Go to Log & Report > Log Configuration > Local Log Settings.
  2. Complete the configuration as described in the table below.
  3. Save the configuration.

Local log configuration page

Local logging configuration guidelines

Settings / Guidelines

Logging and Archiving

Log to Local Disk: Select to display settings to manage the disk used for logging.

Minimum Log Level: Select the lowest severity to log from the following choices:

  • Emergency—The system has become unstable.
  • Alert—Immediate action is required.
  • Critical—Functionality is affected.
  • Error—An error condition exists and functionality could be affected.
  • Warning—Functionality might be affected.
  • Notification—Information about normal events.
  • Information—General information about system operations.
  • Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior.

For example, if you select Error, the system collects logs with level Error, Critical, Alert, and Emergency. If you select Alert, the system collects logs with level Alert and Emergency. The log level setting applies to both system events and DDoS security events.

Tip: To prolong disk life, do not collect notification, information, and debug level logs for long periods of time.

File Size: Maximum disk space for local logs. The default is 500 MB.

Disk full: Select log behavior when the maximum disk space for local logs is reached:

  • Overwrite—Continue logging. Overwrite the earliest logs.
  • No Log—Stop logging.

Event Logging

Event Logging: Select to enable event logging and then select the types of event category that you want included in the event log.

CLI commands:

config log setting local
  set loglevel notification
  set event-log-category configuration admin health_check system ha update default_gateway user spp_switching ir_update
end
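
An added example (not Fortinet code): a small Python audit of a saved `config log setting local` block that reports which severities the chosen minimum level collects, whether the disk-life tip applies, and which event categories from the CLI example above are not enabled. The lowercase level names other than `notification`, the function names, and the sample configuration are assumptions constructed for illustration.

```python
# Severity names from the table above, most to least severe. The lowercase
# CLI spellings are assumed; the page itself only shows "notification".
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "information", "debug"]
# Event categories that appear in the page's CLI example.
CATEGORIES = {"configuration", "admin", "health_check", "system", "ha",
              "update", "default_gateway", "user", "spp_switching", "ir_update"}
VERBOSE = {"notification", "information", "debug"}  # levels named in the Tip


def parse_local_log_block(config_text):
    """Return the 'set' options found between 'config log setting local' and 'end'."""
    opts, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config log setting local":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            parts = line.split()
            opts[parts[1]] = parts[2:]
    return opts


def audit(config_text):
    """Summarize what the local log will and will not record."""
    opts = parse_local_log_block(config_text)
    level = (opts.get("loglevel") or [None])[0]
    if level not in LEVELS:
        raise ValueError(f"missing or unknown loglevel: {level!r}")
    enabled = set(opts.get("event-log-category", []))
    return {
        # The minimum level plus every more severe level is collected.
        "collected": LEVELS[:LEVELS.index(level) + 1],
        "disk_wear_warning": level in VERBOSE,
        "categories_not_logged": sorted(CATEGORIES - enabled),
    }


# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
config log setting local
  set loglevel error
  set event-log-category configuration system ha
end
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
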
