Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config log disk setting

Settings for local disk logging.

config log disk setting

Description: Settings for local disk logging.

set status [enable|disable]

set ips-archive [enable|disable]

set max-log-file-size {integer}

set max-policy-packet-capture-size {integer}

set roll-schedule [daily|weekly]

set roll-day {option1}, {option2}, ...

set roll-time {user}

set diskfull [overwrite|nolog]

set log-quota {integer}

set dlp-archive-quota {integer}

set maximum-log-age {integer}

set upload [enable|disable]

set upload-destination {option}

set uploadip {ipv4-address}

set uploadport {integer}

set source-ip {ipv4-address}

set uploaduser {string}

set uploadpass {password}

set uploaddir {string}

set uploadtype {option1}, {option2}, ...

set uploadsched [disable|enable]

set uploadtime {user}

set upload-delete-files [enable|disable]

set upload-ssl-conn [default|high|...]

set full-first-warning-threshold {integer}

set full-second-warning-threshold {integer}

set full-final-warning-threshold {integer}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config log disk setting

Parameter

Description

Type

Size

Default

status

Enable/disable local disk logging.

option

-

disable **

 

Option

Description

enable

Log to local disk.

disable

Do not log to local disk.

ips-archive

Enable/disable IPS packet archiving to the local disk.

option

-

enable

 

Option

Description

enable

Enable IPS packet archiving.

disable

Disable IPS packet archiving.

max-log-file-size

Maximum log file size before rolling .

integer

Minimum value: 1 Maximum value: 100

20

max-policy-packet-capture-size

Maximum size of policy sniffer in MB (0 means unlimited).

integer

Minimum value: 0 Maximum value: 4294967295

100

roll-schedule

Frequency to check log file for rolling.

option

-

daily

 

Option

Description

daily

Check the log file once a day.

weekly

Check the log file once a week.

roll-day

Day of week on which to roll log file.

option

-

sunday

 

Option

Description

sunday

Sunday

monday

Monday

tuesday

Tuesday

wednesday

Wednesday

thursday

Thursday

friday

Friday

saturday

Saturday

roll-time

Time of day to roll the log file (hh:mm).

user

Not Specified

diskfull

Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full .

option

-

overwrite

 

Option

Description

overwrite

Overwrite the oldest logs when the log disk is full.

nolog

Stop logging when the log disk is full.

log-quota

Disk log quota (MB).

integer

Minimum value: 0 Maximum value: 4294967295

0

dlp-archive-quota

DLP archive quota (MB).

integer

Minimum value: 0 Maximum value: 4294967295

0

maximum-log-age

Delete log files older than (days).

integer

Minimum value: 0 Maximum value: 3650

7

upload

Enable/disable uploading log files when they are rolled.

option

-

disable

 

Option

Description

enable

Enable uploading log files when they are rolled.

disable

Disable uploading log files when they are rolled.

upload-destination

The type of server to upload log files to. Only FTP is currently supported.

option

-

ftp-server

 

Option

Description

ftp-server

Upload rolled log files to an FTP server.

uploadip

IP address of the FTP server to upload log files to.

ipv4-address

Not Specified

0.0.0.0

uploadport

TCP port to use for communicating with the FTP server .

integer

Minimum value: 0 Maximum value: 65535

21

source-ip

Source IP address to use for uploading disk log files.

ipv4-address

Not Specified

0.0.0.0

uploaduser

Username required to log into the FTP server to upload disk log files.

string

Maximum length: 35

uploadpass

Password required to log into the FTP server to upload disk log files.

password

Not Specified

uploaddir

The remote directory on the FTP server to upload log files to.

string

Maximum length: 63

uploadtype

Types of log files to upload. Separate multiple entries with a space.

option

-

traffic event virus webfilter IPS emailfilter dlp-archive anomaly voip dlp app-ctrl waf dns ssh ssl cifs **

 

Option

Description

traffic

Upload traffic log.

event

Upload event log.

virus

Upload anti-virus log.

webfilter

Upload web filter log.

IPS

Upload IPS log.

emailfilter

Upload spam filter log.

dlp-archive

Upload DLP archive.

anomaly

Upload anomaly log.

voip

Upload VoIP log.

dlp

Upload DLP log.

app-ctrl

Upload application control log.

waf

Upload web application firewall log.

dns

Upload DNS log.

ssh

Upload SSH log.

ssl

Upload SSL log.

cifs

Upload CIFS log.

file-filter

Upload file-filter log.

icap

Upload ICAP log.

uploadsched

Set the schedule for uploading log files to the FTP server .

option

-

disable

 

Option

Description

disable

Upload when rolling.

enable

Scheduled upload.

uploadtime

Time of day at which log files are uploaded if uploadsched is enabled (hh:mm or hh).

user

Not Specified

upload-delete-files

Delete log files after uploading .

option

-

enable

 

Option

Description

enable

Delete log files after uploading.

disable

Do not delete log files after uploading.

upload-ssl-conn

Enable/disable encrypted FTPS communication to upload log files.

option

-

default

 

Option

Description

default

FTPS with high and medium encryption algorithms.

high

FTPS with high encryption algorithms.

low

FTPS with low encryption algorithms.

disable

Disable FTPS communication.

full-first-warning-threshold

Log full first warning threshold as a percent .

integer

Minimum value: 1 Maximum value: 98

75

full-second-warning-threshold

Log full second warning threshold as a percent .

integer

Minimum value: 2 Maximum value: 99

90

full-final-warning-threshold

Log full final warning threshold as a percent .

integer

Minimum value: 3 Maximum value: 100

95

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

** Values may differ between models.

config log disk setting

Settings for local disk logging.

config log disk setting

Description: Settings for local disk logging.

set status [enable|disable]

set ips-archive [enable|disable]

set max-log-file-size {integer}

set max-policy-packet-capture-size {integer}

set roll-schedule [daily|weekly]

set roll-day {option1}, {option2}, ...

set roll-time {user}

set diskfull [overwrite|nolog]

set log-quota {integer}

set dlp-archive-quota {integer}

set maximum-log-age {integer}

set upload [enable|disable]

set upload-destination {option}

set uploadip {ipv4-address}

set uploadport {integer}

set source-ip {ipv4-address}

set uploaduser {string}

set uploadpass {password}

set uploaddir {string}

set uploadtype {option1}, {option2}, ...

set uploadsched [disable|enable]

set uploadtime {user}

set upload-delete-files [enable|disable]

set upload-ssl-conn [default|high|...]

set full-first-warning-threshold {integer}

set full-second-warning-threshold {integer}

set full-final-warning-threshold {integer}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config log disk setting

Parameter

Description

Type

Size

Default

status

Enable/disable local disk logging.

option

-

disable **

 

Option

Description

enable

Log to local disk.

disable

Do not log to local disk.

ips-archive

Enable/disable IPS packet archiving to the local disk.

option

-

enable

 

Option

Description

enable

Enable IPS packet archiving.

disable

Disable IPS packet archiving.

max-log-file-size

Maximum log file size before rolling .

integer

Minimum value: 1 Maximum value: 100

20

max-policy-packet-capture-size

Maximum size of policy sniffer in MB (0 means unlimited).

integer

Minimum value: 0 Maximum value: 4294967295

100

roll-schedule

Frequency to check log file for rolling.

option

-

daily

 

Option

Description

daily

Check the log file once a day.

weekly

Check the log file once a week.

roll-day

Day of week on which to roll log file.

option

-

sunday

 

Option

Description

sunday

Sunday

monday

Monday

tuesday

Tuesday

wednesday

Wednesday

thursday

Thursday

friday

Friday

saturday

Saturday

roll-time

Time of day to roll the log file (hh:mm).

user

Not Specified

diskfull

Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full .

option

-

overwrite

 

Option

Description

overwrite

Overwrite the oldest logs when the log disk is full.

nolog

Stop logging when the log disk is full.

log-quota

Disk log quota (MB).

integer

Minimum value: 0 Maximum value: 4294967295

0

dlp-archive-quota

DLP archive quota (MB).

integer

Minimum value: 0 Maximum value: 4294967295

0

maximum-log-age

Delete log files older than (days).

integer

Minimum value: 0 Maximum value: 3650

7

upload

Enable/disable uploading log files when they are rolled.

option

-

disable

 

Option

Description

enable

Enable uploading log files when they are rolled.

disable

Disable uploading log files when they are rolled.

upload-destination

The type of server to upload log files to. Only FTP is currently supported.

option

-

ftp-server

 

Option

Description

ftp-server

Upload rolled log files to an FTP server.

uploadip

IP address of the FTP server to upload log files to.

ipv4-address

Not Specified

0.0.0.0

uploadport

TCP port to use for communicating with the FTP server .

integer

Minimum value: 0 Maximum value: 65535

21

source-ip

Source IP address to use for uploading disk log files.

ipv4-address

Not Specified

0.0.0.0

uploaduser

Username required to log into the FTP server to upload disk log files.

string

Maximum length: 35

uploadpass

Password required to log into the FTP server to upload disk log files.

password

Not Specified

uploaddir

The remote directory on the FTP server to upload log files to.

string

Maximum length: 63

uploadtype

Types of log files to upload. Separate multiple entries with a space.

option

-

traffic event virus webfilter IPS emailfilter dlp-archive anomaly voip dlp app-ctrl waf dns ssh ssl cifs **

 

Option

Description

traffic

Upload traffic log.

event

Upload event log.

virus

Upload anti-virus log.

webfilter

Upload web filter log.

IPS

Upload IPS log.

emailfilter

Upload spam filter log.

dlp-archive

Upload DLP archive.

anomaly

Upload anomaly log.

voip

Upload VoIP log.

dlp

Upload DLP log.

app-ctrl

Upload application control log.

waf

Upload web application firewall log.

dns

Upload DNS log.

ssh

Upload SSH log.

ssl

Upload SSL log.

cifs

Upload CIFS log.

file-filter

Upload file-filter log.

icap

Upload ICAP log.

uploadsched

Set the schedule for uploading log files to the FTP server .

option

-

disable

 

Option

Description

disable

Upload when rolling.

enable

Scheduled upload.

uploadtime

Time of day at which log files are uploaded if uploadsched is enabled (hh:mm or hh).

user

Not Specified

upload-delete-files

Delete log files after uploading .

option

-

enable

 

Option

Description

enable

Delete log files after uploading.

disable

Do not delete log files after uploading.

upload-ssl-conn

Enable/disable encrypted FTPS communication to upload log files.

option

-

default

 

Option

Description

default

FTPS with high and medium encryption algorithms.

high

FTPS with high encryption algorithms.

low

FTPS with low encryption algorithms.

disable

Disable FTPS communication.

full-first-warning-threshold

Log full first warning threshold as a percent .

integer

Minimum value: 1 Maximum value: 98

75

full-second-warning-threshold

Log full second warning threshold as a percent .

integer

Minimum value: 2 Maximum value: 99

90

full-final-warning-threshold

Log full final warning threshold as a percent .

integer

Minimum value: 3 Maximum value: 100

95

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

** Values may differ between models.