FortiGate-7000F Handbook

Using direct SLBC logging to optimize logging performance


Direct SLBC logging improves performance by sending FPM log messages directly to one of the FortiGate-7121F M1, M2, M3, or M4 interfaces of the FIM in slot 1 or slot 2. Log messages are sent from the FPMs over the chassis management backplane, directly to the configured M interface, bypassing FIM CPUs. Direct logging may also improve logging performance by separating logging traffic from data traffic.

Choose the interface to use for direct SLBC logging depending on your expected log message bandwidth requirements and the other uses you might have for the 100G M1 and M2 interfaces or the 10G M3 and M4 interfaces. The interface that you choose has to have an IP address and the syslog servers must be reachable from the interface. The interface can't be used for other traffic. No special syslog configuration is required. The syslog servers must be able to accept log messages over UDP.

Use the following command to enable direct SLBC logging and select an interface to send log messages to.

config log slbc global-setting
    set direct-log-mode {disabled | udp}
    set direct-log-dev <interface-name>
end

direct-log-mode {disabled | udp}: select udp to enable direct SLBC logging. The default is disabled.

direct-log-dev <interface-name>: select the interface to use for direct SLBC logging. You can only select one physical interface. VLANs and LAGs are not supported.
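
Because direct SLBC logging delivers over UDP only, it is worth confirming on the syslog server that datagrams actually arrive and carry a valid syslog PRI header. The following collector-side check is an added example, not part of the Fortinet documentation; the loopback address, ephemeral port, and sample messages are constructed for the self-test.

```python
import re
import socket
from collections import Counter

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity) from a syslog PRI header, or None if absent/invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)

def collect(sock, expected, timeout=2.0):
    """Receive up to `expected` datagrams; count valid syslog messages per source IP."""
    sock.settimeout(timeout)
    per_source, malformed = Counter(), 0
    for _ in range(expected):
        try:
            data, (src_ip, _port) = sock.recvfrom(65535)
        except socket.timeout:
            break  # UDP has no delivery guarantee: a short count means loss or filtering
        if parse_pri(data) is None:
            malformed += 1
        else:
            per_source[src_ip] += 1
    return per_source, malformed

def self_test():
    """Loopback run with constructed messages; returns (per_source, malformed)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))  # assumption: ephemeral test port, not the collector's real port
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    samples = [  # constructed sample datagrams, not real FortiGate log output
        b"<189>constructed sample log line 1",
        b"<189>constructed sample log line 2",
        b"constructed malformed datagram without PRI",
    ]
    try:
        for msg in samples:
            tx.sendto(msg, rx.getsockname())
        return collect(rx, expected=len(samples))
    finally:
        rx.close()
        tx.close()

if __name__ == "__main__":
    print(self_test())
```

On a real collector, bind `collect()` to the address and port the syslog service listens on (with the service stopped) and compare the per-source counts against the address of the interface selected with direct-log-dev.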
