config log
Use the config log commands to set the logging type, the logging severity level, and the logging location for the system:
- config log custom-field
- config log disk filter
- config log disk setting
- config log eventfilter
- config log gui
- config log memory filter
- config log memory global-setting
- config log memory setting
- config log {syslogd | syslogd2 | syslogd3} filter
- config log {syslogd | syslogd2 | syslogd3} setting
config log custom-field
Use the following command to customize the log fields with a name and/or value. The custom name and/or value will appear in the log message.
Syntax
config log custom-field
edit <id>
set name <name>
set value <int>
end
Variable | Description | Default
<id> | Enter the identification string for the custom log. | No default
name <name> | Enter a name to identify the log. You can use letters, numbers, and underscores (_), but no special characters such as the number symbol (#). The name cannot exceed 16 characters. | No default
value <int> | Enter an integer value to associate with the log. | No default
Example
This example shows how to configure a customized field for a log:
config log custom-field
edit 1
set name "Vlan"
set value 3
end
config log disk filter
Use this command to define the types of events to log in flash memory.
Syntax
config log disk filter
set severity {emergency | alert | critical | error | warning | notification | information | debug}
end
Variable | Description | Default
severity {emergency | alert | critical | error | warning | notification | information | debug} | Select the logging severity level. The system logs all messages at and above the logging severity level you select. For example, if you select error, the system logs error, critical, alert and emergency level messages. | alert
Example
This example shows how to configure the system to log alert-level and emergency-level events to flash memory:
config log disk filter
set severity alert
end
config log disk setting
Use this command to save event logs in flash memory. This command can be used only on FortiSwitch models that have more than 14 megabytes of flash memory. Up to 15 percent of the data2 partition is used for these logs. By default, event log messages are not saved to flash memory.
Syntax
config log disk setting
set status {disable | enable}
set max-log-file-size <integer>
set diskfull {nolog | overwrite}
set log-quota <integer>
set full-first-warning-threshold <20-80>
set full-second-warning-threshold <50-95>
set full-final-warning-threshold <70-100>
end
Variable | Description | Default
status {disable | enable} | Enter | disable
max-log-file-size <integer> | Enter the maximum size of the log file, in megabytes, before the log file begins rolling. This value might be inaccurate sometimes. The maximum size of the log file cannot exceed the | 1
diskfull {nolog | overwrite} | When the disk is full, set the system to stop logging or to overwrite the oldest log. | overwrite
log-quota <integer> | Enter the number of megabytes allowed for log messages in flash memory. | 1
full-first-warning-threshold <20-80> | Enter to configure the first warning before reaching the threshold. You can enter a number between 20 and 80. | 75
full-second-warning-threshold <50-95> | Enter to configure the second warning before reaching the threshold. You can enter a number between 50 and 95. | 90
full-final-warning-threshold <70-100> | Enter to configure the final warning before reaching the threshold. You can enter a number between 70 and 100. | 95
Example
This example shows how to configure log settings:
config log disk setting
set status enable
set max-log-file-size 5
set diskfull nolog
set log-quota 5
set full-first-warning-threshold 50
set full-second-warning-threshold 75
set full-final-warning-threshold 90
end
config log eventfilter
Use this command to configure event logging.
Syntax
config log eventfilter
set event {enable | disable}
set router {enable | disable}
set system {enable | disable}
set user {enable | disable}
end
Variable | Description | Default
event {enable | disable} | Log event messages. Must be enabled to make the following fields available. | enable
router {enable | disable} | Log router activity messages. | enable
system {enable | disable} | Log system activity messages. | enable
user {enable | disable} | Log user activity messages. | enable
Example
This example shows how to configure event logging:
config log eventfilter
set event enable
set router enable
set system enable
set user enable
end
config log gui
Use this command to select the device from which logs are displayed in the Web-based manager.
Syntax
config log gui
set log-device memory
end
Variable | Description | Default
log-device memory | Select the device from which logs are displayed in the Web-based manager. Currently, only logging to memory is available. | memory
config log memory filter
Use this command to configure the filter for the memory buffer.
Syntax
config log memory filter
set severity {alert | critical | debug | emergency | error | information | notification | warning}
end
Variable | Description | Default
severity {alert | critical | debug | emergency | error | information | notification | warning} | Select the logging severity level. The system logs all messages at and above the logging severity level you select. For example, if you select error, the system logs error, critical, alert and emergency level messages. | information
Example
This example shows how to configure the memory log filter:
config log memory filter
set severity alert
end
config log memory global-setting
Use this command to configure log threshold warnings, as well as the maximum buffer lines, for the FortiSwitch system memory.
The FortiSwitch system memory has a limited capacity and displays only the most recent log entries. Traffic logs are not stored in the memory buffer, due to the high volume of traffic information. After all available memory is used, by default, the system begins to overwrite the oldest log messages. All log entries are deleted when the system restarts.
Syntax
config log memory global-setting
set full-final-warning-threshold <int>
set full-first-warning-threshold <int>
set full-second-warning-threshold <int>
set hourly-upload {disable | enable}
set max-size <int>
end
Variable | Description | Default
full-final-warning-threshold <int> | Enter to configure the final warning before reaching the threshold. You can enter a number between 3 and 100. | 95
full-first-warning-threshold <int> | Enter to configure the first warning before reaching the threshold. You can enter a number between 1 and 98. | 75
full-second-warning-threshold <int> | Enter to configure the second warning before reaching the threshold. You can enter a number between 2 and 99. | 90
hourly-upload {disable | enable} | Enter | disable
max-size <int> | Enter the maximum size of the memory buffer log, in bytes. | 98304
Example
This example shows how to configure log threshold warnings and the maximum buffer lines:
config log memory global-setting
set full-final-warning-threshold 45
set full-first-warning-threshold 25
set full-second-warning-threshold 45
set hourly-upload enable
set max-size 12288
end
config log memory setting
Use this command to configure log settings for logging to the system memory.
The system memory has a limited capacity and only displays the most recent log entries. Traffic logs are not stored in the memory buffer, due to the high volume of traffic information. After all available memory is used, by default, the system begins to overwrite the oldest messages. All log entries are deleted when the system restarts.
Syntax
config log memory setting
set status {disable | enable}
set diskfull overwrite
end
Variable | Description | Default
status {disable | enable} | Enter | disable
diskfull overwrite | Overwrite the oldest log when the log device is full. | No default
Example
This example shows how to configure log settings:
config log memory setting
set status enable
set diskfull overwrite
end
config log {syslogd | syslogd2 | syslogd3} filter
Use this command to configure log filter options. Log filters define the types of log messages sent to each log location.
Syntax
config log {syslogd | syslogd2 | syslogd3} filter
set severity {alert | critical | debug | emergency | error | information | notification | warning}
end
Variable | Description | Default
severity {alert | critical | debug | emergency | error | information | notification | warning} | Select the logging severity level. The system logs all messages at and above the logging severity level you select. For example, if you select error, the system logs error, critical, alert and emergency level messages. | information
status {enable | disable} | Enable or disable remote syslog logging. | disable
Example
This example shows how to configure log filter options:
config log syslogd filter
set severity information
end
config log {syslogd | syslogd2 | syslogd3} setting
Use this command to configure log settings for logging to the system memory.
The system memory has a limited capacity and only displays the most recent log entries. Traffic logs are not stored in the memory buffer, due to the high volume of traffic information. After all available memory is used, by default, the system begins to overwrite the oldest messages. All log entries are deleted when the system restarts.
Syntax
config log {syslogd | syslogd2 | syslogd3} setting
set status {disable | enable}
set enc-algorithm {disable | high | high-medium | low}
set certificate <certificate_name>
set server <server_name>
set mode {legacy-reliable | reliable | udp}
set port <port_number>
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
set source-ip <IPv4_address>
end
Variable |
Description |
Default |
status {disable | enable} |
Enter |
disable |
enc-algorithm {disable | high | high-medium | low} |
Set to |
disable |
certificate <certificate_name> |
Specify the certificate to use to communicate with the syslog server. |
No default |
server <server_name> |
This field is available with |
No default |
mode {legacy-reliable | reliable | udp} |
Set to
This field is available with |
udp |
port <port_number> |
Set the port number that the server listens to.
If the mode is set to
This field is available with |
514 |
csv {enable | disable} |
Enable or disable comma-separated values.
This field is available with |
disable |
facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp} |
This field is available when status is set to enable. Select the facility for remote syslog:
|
local7 |
source-ip <IPv4_address> |
This field is available with |
0.0.0.0 |
Example
This example shows how to configure log settings:
config log syslogd setting
set status enable
set server "1.2.3.4"
set port 5
end
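The defaults and severity rules documented above can be checked against a saved configuration. The following Python audit is an added example, not part of the FortiSwitch documentation: it parses config log blocks in the syntax shown on this page, applies the documented defaults, and reports where logs would be lost or filtered out. The sample configuration, the 192.0.2.10 server address, the min_level policy and the reading of enc-algorithm disable as "unencrypted" are assumptions; only syslogd (not syslogd2 or syslogd3) is checked.

```python
import re

# Severity names as listed on the page, most severe first: a filter keeps its
# own level and every level before it in this list.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]
# Values from the "Default" column of the tables on this page.
DEFAULTS = {("disk setting", "status"): "disable", ("disk filter", "severity"): "alert",
            ("syslogd setting", "status"): "disable", ("syslogd setting", "mode"): "udp",
            ("syslogd setting", "enc-algorithm"): "disable",
            ("syslogd filter", "severity"): "information"}

def parse_log_config(text):
    """Return {(section, option): value}, starting from the page's defaults."""
    cfg, section = dict(DEFAULTS), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config log "):
            section = line[len("config log "):]
        elif line == "end":
            section = None
        elif section and (m := re.match(r'set (\S+) "?([^"]*)"?$', line)):
            cfg[(section, m.group(1))] = m.group(2)
    return cfg

def audit(text, min_level="warning"):
    """List logging gaps; min_level is a hypothetical site policy, not a vendor rule."""
    cfg, out = parse_log_config(text), []
    disk = cfg[("disk setting", "status")] == "enable"
    remote = cfg[("syslogd setting", "status")] == "enable"
    if not disk and not remote:
        out.append("no disk or syslogd logging: memory-buffer logs are deleted on restart")
    if remote and cfg[("syslogd setting", "mode")] == "udp":
        out.append("syslogd mode is udp: lost messages are not retransmitted")
    # Assumption: enc-algorithm disable means the syslog stream is sent unencrypted.
    if remote and cfg[("syslogd setting", "enc-algorithm")] == "disable":
        out.append("syslogd enc-algorithm is disable")
    for dest, on in (("disk", disk), ("syslogd", remote)):
        level = cfg[(dest + " filter", "severity")]
        dropped = SEVERITIES[SEVERITIES.index(level) + 1:]
        if on and min_level in dropped:
            out.append(f"{dest} filter '{level}' drops: {', '.join(dropped)}")
    return out

# Constructed sample input (not taken from a real device).
SAMPLE = ("config log disk setting\nset status enable\nend\n"
          "config log disk filter\nset severity alert\nend\n"
          'config log syslogd setting\nset status enable\nset server "192.0.2.10"\nend')
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty configuration yields the single finding that neither disk nor syslogd logging is enabled, which is the state the documented defaults produce.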