Fortinet white logo
Fortinet white logo

CLI Reference

config log setting

config log setting

Configure general log settings.

config log setting

Description: Configure general log settings.

set resolve-ip [enable|disable]

set resolve-port [enable|disable]

set log-user-in-upper [enable|disable]

set fwpolicy-implicit-log [enable|disable]

set fwpolicy6-implicit-log [enable|disable]

set log-invalid-packet [enable|disable]

set local-in-allow [enable|disable]

set local-in-deny-unicast [enable|disable]

set local-in-deny-broadcast [enable|disable]

set local-out [enable|disable]

set local-out-ioc-detection [enable|disable]

set daemon-log [enable|disable]

set neighbor-event [enable|disable]

set brief-traffic-format [enable|disable]

set user-anonymize [enable|disable]

set expolicy-implicit-log [enable|disable]

set log-policy-comment [enable|disable]

set faz-override [enable|disable]

set syslog-override [enable|disable]

set rest-api-set [enable|disable]

set rest-api-get [enable|disable]

set custom-log-fields <field-id1>, <field-id2>, ...

set anonymization-hash {string}

end

config log setting

Parameter

Description

Type

Size

Default

resolve-ip

Enable/disable adding resolved domain names to traffic logs if possible.

option

-

disable

Option

Description

enable

Enable adding resolved domain names to traffic logs.

disable

Disable adding resolved domain names to traffic logs.

resolve-port

Enable/disable adding resolved service names to traffic logs.

option

-

enable

Option

Description

enable

Enable adding resolved service names to traffic logs.

disable

Disable adding resolved service names to traffic logs.

log-user-in-upper

Enable/disable logs with user-in-upper.

option

-

disable

Option

Description

enable

Enable logs with user-in-upper.

disable

Disable logs with user-in-upper.

fwpolicy-implicit-log

Enable/disable implicit firewall policy logging.

option

-

disable

Option

Description

enable

Enable implicit firewall policy logging.

disable

Disable implicit firewall policy logging.

fwpolicy6-implicit-log

Enable/disable implicit firewall policy6 logging.

option

-

disable

Option

Description

enable

Enable implicit firewall policy6 logging.

disable

Disable implicit firewall policy6 logging.

log-invalid-packet

Enable/disable invalid packet traffic logging.

option

-

disable

Option

Description

enable

Enable invalid packet traffic logging.

disable

Disable invalid packet traffic logging.

local-in-allow

Enable/disable local-in-allow logging.

option

-

disable

Option

Description

enable

Enable local-in-allow logging.

disable

Disable local-in-allow logging.

local-in-deny-unicast

Enable/disable local-in-deny-unicast logging.

option

-

disable

Option

Description

enable

Enable local-in-deny-unicast logging.

disable

Disable local-in-deny-unicast logging.

local-in-deny-broadcast

Enable/disable local-in-deny-broadcast logging.

option

-

disable

Option

Description

enable

Enable local-in-deny-broadcast logging.

disable

Disable local-in-deny-broadcast logging.

local-out

Enable/disable local-out logging.

option

-

enable

Option

Description

enable

Enable local-out logging.

disable

Disable local-out logging.

local-out-ioc-detection

Enable/disable local-out traffic IoC detection. Requires local-out to be enabled.

option

-

enable

Option

Description

enable

Enable local-out traffic IoC detection. Requires local-out to be enabled.

disable

Disable local-out traffic IoC detection.

daemon-log

Enable/disable daemon logging.

option

-

disable

Option

Description

enable

Enable daemon logging.

disable

Disable daemon logging.

neighbor-event

Enable/disable neighbor event logging.

option

-

disable

Option

Description

enable

Enable neighbor event logging.

disable

Disable neighbor event logging.

brief-traffic-format

Enable/disable brief format traffic logging.

option

-

disable

Option

Description

enable

Enable brief format traffic logging.

disable

Disable brief format traffic logging.

user-anonymize

Enable/disable anonymizing user names in log messages.

option

-

disable

Option

Description

enable

Enable anonymizing user names in log messages.

disable

Disable anonymizing user names in log messages.

expolicy-implicit-log

Enable/disable explicit proxy firewall implicit policy logging.

option

-

disable

Option

Description

enable

Enable explicit proxy firewall implicit policy logging.

disable

Disable explicit proxy firewall implicit policy logging.

log-policy-comment

Enable/disable inserting policy comments into traffic logs.

option

-

disable

Option

Description

enable

Enable inserting policy comments into traffic logs.

disable

Disable inserting policy comments into traffic logs.

faz-override

Enable/disable override FortiAnalyzer settings.

option

-

disable

Option

Description

enable

Enable override FortiAnalyzer settings.

disable

Disable override FortiAnalyzer settings.

syslog-override

Enable/disable override Syslog settings.

option

-

disable

Option

Description

enable

Enable override Syslog settings.

disable

Disable override Syslog settings.

rest-api-set

Enable/disable REST API POST/PUT/DELETE request logging.

option

-

disable

Option

Description

enable

Enable POST/PUT/DELETE REST API logging.

disable

Disable POST/PUT/DELETE REST API logging.

rest-api-get

Enable/disable REST API GET request logging.

option

-

disable

Option

Description

enable

Enable GET REST API logging.

disable

Disable GET REST API logging.

custom-log-fields <field-id>

Custom fields to append to all log messages.

Custom log field.

string

Maximum length: 35

anonymization-hash

User name anonymization hash salt.

string

Maximum length: 32

config log setting

config log setting

Configure general log settings.

config log setting

Description: Configure general log settings.

set resolve-ip [enable|disable]

set resolve-port [enable|disable]

set log-user-in-upper [enable|disable]

set fwpolicy-implicit-log [enable|disable]

set fwpolicy6-implicit-log [enable|disable]

set log-invalid-packet [enable|disable]

set local-in-allow [enable|disable]

set local-in-deny-unicast [enable|disable]

set local-in-deny-broadcast [enable|disable]

set local-out [enable|disable]

set local-out-ioc-detection [enable|disable]

set daemon-log [enable|disable]

set neighbor-event [enable|disable]

set brief-traffic-format [enable|disable]

set user-anonymize [enable|disable]

set expolicy-implicit-log [enable|disable]

set log-policy-comment [enable|disable]

set faz-override [enable|disable]

set syslog-override [enable|disable]

set rest-api-set [enable|disable]

set rest-api-get [enable|disable]

set custom-log-fields <field-id1>, <field-id2>, ...

set anonymization-hash {string}

end

config log setting

Parameter

Description

Type

Size

Default

resolve-ip

Enable/disable adding resolved domain names to traffic logs if possible.

option

-

disable

Option

Description

enable

Enable adding resolved domain names to traffic logs.

disable

Disable adding resolved domain names to traffic logs.

resolve-port

Enable/disable adding resolved service names to traffic logs.

option

-

enable

Option

Description

enable

Enable adding resolved service names to traffic logs.

disable

Disable adding resolved service names to traffic logs.

log-user-in-upper

Enable/disable logs with user-in-upper.

option

-

disable

Option

Description

enable

Enable logs with user-in-upper.

disable

Disable logs with user-in-upper.

fwpolicy-implicit-log

Enable/disable implicit firewall policy logging.

option

-

disable

Option

Description

enable

Enable implicit firewall policy logging.

disable

Disable implicit firewall policy logging.

fwpolicy6-implicit-log

Enable/disable implicit firewall policy6 logging.

option

-

disable

Option

Description

enable

Enable implicit firewall policy6 logging.

disable

Disable implicit firewall policy6 logging.

log-invalid-packet

Enable/disable invalid packet traffic logging.

option

-

disable

Option

Description

enable

Enable invalid packet traffic logging.

disable

Disable invalid packet traffic logging.

local-in-allow

Enable/disable local-in-allow logging.

option

-

disable

Option

Description

enable

Enable local-in-allow logging.

disable

Disable local-in-allow logging.

local-in-deny-unicast

Enable/disable local-in-deny-unicast logging.

option

-

disable

Option

Description

enable

Enable local-in-deny-unicast logging.

disable

Disable local-in-deny-unicast logging.

local-in-deny-broadcast

Enable/disable local-in-deny-broadcast logging.

option

-

disable

Option

Description

enable

Enable local-in-deny-broadcast logging.

disable

Disable local-in-deny-broadcast logging.

local-out

Enable/disable local-out logging.

option

-

enable

Option

Description

enable

Enable local-out logging.

disable

Disable local-out logging.

local-out-ioc-detection

Enable/disable local-out traffic IoC detection. Requires local-out to be enabled.

option

-

enable

Option

Description

enable

Enable local-out traffic IoC detection. Requires local-out to be enabled.

disable

Disable local-out traffic IoC detection.

daemon-log

Enable/disable daemon logging.

option

-

disable

Option

Description

enable

Enable daemon logging.

disable

Disable daemon logging.

neighbor-event

Enable/disable neighbor event logging.

option

-

disable

Option

Description

enable

Enable neighbor event logging.

disable

Disable neighbor event logging.

brief-traffic-format

Enable/disable brief format traffic logging.

option

-

disable

Option

Description

enable

Enable brief format traffic logging.

disable

Disable brief format traffic logging.

user-anonymize

Enable/disable anonymizing user names in log messages.

option

-

disable

Option

Description

enable

Enable anonymizing user names in log messages.

disable

Disable anonymizing user names in log messages.

expolicy-implicit-log

Enable/disable explicit proxy firewall implicit policy logging.

option

-

disable

Option

Description

enable

Enable explicit proxy firewall implicit policy logging.

disable

Disable explicit proxy firewall implicit policy logging.

log-policy-comment

Enable/disable inserting policy comments into traffic logs.

option

-

disable

Option

Description

enable

Enable inserting policy comments into traffic logs.

disable

Disable inserting policy comments into traffic logs.

faz-override

Enable/disable override FortiAnalyzer settings.

option

-

disable

Option

Description

enable

Enable override FortiAnalyzer settings.

disable

Disable override FortiAnalyzer settings.

syslog-override

Enable/disable override Syslog settings.

option

-

disable

Option

Description

enable

Enable override Syslog settings.

disable

Disable override Syslog settings.

rest-api-set

Enable/disable REST API POST/PUT/DELETE request logging.

option

-

disable

Option

Description

enable

Enable POST/PUT/DELETE REST API logging.

disable

Disable POST/PUT/DELETE REST API logging.

rest-api-get

Enable/disable REST API GET request logging.

option

-

disable

Option

Description

enable

Enable GET REST API logging.

disable

Disable GET REST API logging.

custom-log-fields <field-id>

Custom fields to append to all log messages.

Custom log field.

string

Maximum length: 35

anonymization-hash

User name anonymization hash salt.

string

Maximum length: 32