Fortinet black logo

CLI Reference

log setting

Configure general log settings.

  config log setting
      Description: Configure general log settings.
      set resolve-ip [enable|disable]
      set resolve-port [enable|disable]
      set log-user-in-upper [enable|disable]
      set fwpolicy-implicit-log [enable|disable]
      set fwpolicy6-implicit-log [enable|disable]
      set log-invalid-packet [enable|disable]
      set local-in-allow [enable|disable]
      set local-in-deny-unicast [enable|disable]
      set local-in-deny-broadcast [enable|disable]
      set local-out [enable|disable]
      set daemon-log [enable|disable]
      set neighbor-event [enable|disable]
      set brief-traffic-format [enable|disable]
      set user-anonymize [enable|disable]
      set expolicy-implicit-log [enable|disable]
      set log-policy-comment [enable|disable]
      set log-policy-name [enable|disable]
      set faz-override [enable|disable]
      set syslog-override [enable|disable]
      set custom-log-fields <field-id1>, <field-id2>, ...
  end

config log setting

Parameter Name Description Type Size
resolve-ip Enable/disable adding resolved domain names to traffic logs if possible.
enable: Enable adding resolved domain names to traffic logs.
disable: Disable adding resolved domain names to traffic logs.
option -
resolve-port Enable/disable adding resolved service names to traffic logs.
enable: Enable adding resolved service names to traffic logs.
disable: Disable adding resolved service names to traffic logs.
option -
log-user-in-upper Enable/disable logs with user-in-upper.
enable: Enable logs with user-in-upper.
disable: Disable logs with user-in-upper.
option -
fwpolicy-implicit-log Enable/disable implicit firewall policy logging.
enable: Enable implicit firewall policy logging.
disable: Disable implicit firewall policy logging.
option -
fwpolicy6-implicit-log Enable/disable implicit firewall policy6 logging.
enable: Enable implicit firewall policy6 logging.
disable: Disable implicit firewall policy6 logging.
option -
log-invalid-packet Enable/disable invalid packet traffic logging.
enable: Enable invalid packet traffic logging.
disable: Disable invalid packet traffic logging.
option -
local-in-allow Enable/disable local-in-allow logging.
enable: Enable local-in-allow logging.
disable: Disable local-in-allow logging.
option -
local-in-deny-unicast Enable/disable local-in-deny-unicast logging.
enable: Enable local-in-deny-unicast logging.
disable: Disable local-in-deny-unicast logging.
option -
local-in-deny-broadcast Enable/disable local-in-deny-broadcast logging.
enable: Enable local-in-deny-broadcast logging.
disable: Disable local-in-deny-broadcast logging.
option -
local-out Enable/disable local-out logging.
enable: Enable local-out logging.
disable: Disable local-out logging.
option -
daemon-log Enable/disable daemon logging.
enable: Enable daemon logging.
disable: Disable daemon logging.
option -
neighbor-event Enable/disable neighbor event logging.
enable: Enable neighbor event logging.
disable: Disable neighbor event logging.
option -
brief-traffic-format Enable/disable brief format traffic logging.
enable: Enable brief format traffic logging.
disable: Disable brief format traffic logging.
option -
user-anonymize Enable/disable anonymizing user names in log messages.
enable: Enable anonymizing user names in log messages.
disable: Disable anonymizing user names in log messages.
option -
expolicy-implicit-log Enable/disable explicit proxy firewall implicit policy logging.
enable: Enable explicit proxy firewall implicit policy logging.
disable: Disable explicit proxy firewall implicit policy logging.
option -
log-policy-comment Enable/disable inserting policy comments into traffic logs.
enable: Enable inserting policy comments into traffic logs.
disable: Disable inserting policy comments into traffic logs.
option -
log-policy-name Enable/disable inserting policy name into traffic logs.
enable: Enable inserting policy name into traffic logs.
disable: Disable inserting policy name into traffic logs.
option -
faz-override Enable/disable override FortiAnalyzer settings.
enable: Enable override FortiAnalyzer settings.
disable: Disable override FortiAnalyzer settings.
option -
syslog-override Enable/disable override Syslog settings.
enable: Enable override Syslog settings.
disable: Disable override Syslog settings.
option -
custom-log-fields <field-id> Custom fields to append to all log messages.
Custom log field.
string Maximum length: 35

Configure general log settings.

  config log setting
      Description: Configure general log settings.
      set resolve-ip [enable|disable]
      set resolve-port [enable|disable]
      set log-user-in-upper [enable|disable]
      set fwpolicy-implicit-log [enable|disable]
      set fwpolicy6-implicit-log [enable|disable]
      set log-invalid-packet [enable|disable]
      set local-in-allow [enable|disable]
      set local-in-deny-unicast [enable|disable]
      set local-in-deny-broadcast [enable|disable]
      set local-out [enable|disable]
      set daemon-log [enable|disable]
      set neighbor-event [enable|disable]
      set brief-traffic-format [enable|disable]
      set user-anonymize [enable|disable]
      set expolicy-implicit-log [enable|disable]
      set log-policy-comment [enable|disable]
      set log-policy-name [enable|disable]
      set faz-override [enable|disable]
      set syslog-override [enable|disable]
      set custom-log-fields <field-id1>, <field-id2>, ...
  end

config log setting

Parameter Name Description Type Size
resolve-ip Enable/disable adding resolved domain names to traffic logs if possible.
enable: Enable adding resolved domain names to traffic logs.
disable: Disable adding resolved domain names to traffic logs.
option -
resolve-port Enable/disable adding resolved service names to traffic logs.
enable: Enable adding resolved service names to traffic logs.
disable: Disable adding resolved service names to traffic logs.
option -
log-user-in-upper Enable/disable logs with user-in-upper.
enable: Enable logs with user-in-upper.
disable: Disable logs with user-in-upper.
option -
fwpolicy-implicit-log Enable/disable implicit firewall policy logging.
enable: Enable implicit firewall policy logging.
disable: Disable implicit firewall policy logging.
option -
fwpolicy6-implicit-log Enable/disable implicit firewall policy6 logging.
enable: Enable implicit firewall policy6 logging.
disable: Disable implicit firewall policy6 logging.
option -
log-invalid-packet Enable/disable invalid packet traffic logging.
enable: Enable invalid packet traffic logging.
disable: Disable invalid packet traffic logging.
option -
local-in-allow Enable/disable local-in-allow logging.
enable: Enable local-in-allow logging.
disable: Disable local-in-allow logging.
option -
local-in-deny-unicast Enable/disable local-in-deny-unicast logging.
enable: Enable local-in-deny-unicast logging.
disable: Disable local-in-deny-unicast logging.
option -
local-in-deny-broadcast Enable/disable local-in-deny-broadcast logging.
enable: Enable local-in-deny-broadcast logging.
disable: Disable local-in-deny-broadcast logging.
option -
local-out Enable/disable local-out logging.
enable: Enable local-out logging.
disable: Disable local-out logging.
option -
daemon-log Enable/disable daemon logging.
enable: Enable daemon logging.
disable: Disable daemon logging.
option -
neighbor-event Enable/disable neighbor event logging.
enable: Enable neighbor event logging.
disable: Disable neighbor event logging.
option -
brief-traffic-format Enable/disable brief format traffic logging.
enable: Enable brief format traffic logging.
disable: Disable brief format traffic logging.
option -
user-anonymize Enable/disable anonymizing user names in log messages.
enable: Enable anonymizing user names in log messages.
disable: Disable anonymizing user names in log messages.
option -
expolicy-implicit-log Enable/disable explicit proxy firewall implicit policy logging.
enable: Enable explicit proxy firewall implicit policy logging.
disable: Disable explicit proxy firewall implicit policy logging.
option -
log-policy-comment Enable/disable inserting policy comments into traffic logs.
enable: Enable inserting policy comments into traffic logs.
disable: Disable inserting policy comments into traffic logs.
option -
log-policy-name Enable/disable inserting policy name into traffic logs.
enable: Enable inserting policy name into traffic logs.
disable: Disable inserting policy name into traffic logs.
option -
faz-override Enable/disable override FortiAnalyzer settings.
enable: Enable override FortiAnalyzer settings.
disable: Disable override FortiAnalyzer settings.
option -
syslog-override Enable/disable override Syslog settings.
enable: Enable override Syslog settings.
disable: Disable override Syslog settings.
option -
custom-log-fields <field-id> Custom fields to append to all log messages.
Custom log field.
string Maximum length: 35