Fortinet Document Library

Priority level

Each log message contains a Level (pri) field that indicates the estimated severity of the event that caused the log message, such as pri=warning, and therefore how high a priority it is likely to be.

Level (pri) associations with the descriptions below are not always uniform. They also may not correspond with your own definitions of how severe each event is. If you require notification when a specific event occurs, either configure SNMP traps or alert email by administrator-defined Severity Level (severity_level) or ID (log_id), not by Level (pri).

Approximate log priority levels

| Level (0 is highest) | Name | Description |
| --- | --- | --- |
| 0 | Emergency | The system has become unusable. |
| 1 | Alert | Immediate action is required. Used in attack logs. |
| 2 | Critical | Functionality is affected. |
| 3 | Error | An error condition exists and functionality could be affected. |
| 4 | Warning | Functionality could be affected. |
| 5 | Notification | Information about normal events. Used in traffic logs, and in event logs for administrator logins, time changes, and normal daemon actions. |
| 6 | Information | General information about system operations. Used in event logs for configuration changes. |

For each location where the FortiWeb appliance can store log files (disk, memory, Syslog or FortiAnalyzer), you can define a severity threshold. The FortiWeb appliance will store all log messages whose severity is equal to or greater than the level you select. Because 0 is the highest level, these are the messages whose level number is equal to or lower than the threshold.

For example, if you select Error, the FortiWeb appliance will store log messages whose log severity level is Error, Critical, Alert, and Emergency.
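
The same threshold rule can be applied downstream, for instance in a collector that receives FortiWeb logs over Syslog. The following is an added example, not Fortinet code: it assumes log lines are space-separated key=value pairs and that pri values are the lowercase names from the table (the page shows pri=warning); the sample lines and function names are constructed for illustration.

```python
import re

# Level numbers and names from the table above (0 is the most severe).
# Assumption: pri values are the lowercase form of these names.
PRI_LEVELS = {
    "emergency": 0, "alert": 1, "critical": 2, "error": 3,
    "warning": 4, "notification": 5, "information": 6,
}

# Matches key=value and key="quoted value"; a quoted value is consumed
# whole, so text such as pri=... inside a message is not read as a field.
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(line):
    """Split one log line into a dict of its key=value fields."""
    return {key: value.strip('"') for key, value in _FIELD.findall(line)}


def pri_number(line):
    """Return the numeric level of a line, or None if pri is absent or unknown."""
    return PRI_LEVELS.get(parse_fields(line).get("pri", "").lower())


def meets_threshold(line, threshold):
    """True when the line is at least as severe as the threshold name.

    More severe means a lower number, so the comparison is <=, not >=.
    Lines without a recognisable pri are rejected rather than guessed at.
    """
    level = pri_number(line)
    return level is not None and level <= PRI_LEVELS[threshold.lower()]


def filter_lines(lines, threshold):
    """Keep only the lines a store with this threshold would record."""
    return [line for line in lines if meets_threshold(line, threshold)]


# Constructed sample lines (log_id values and messages are placeholders).
SAMPLE = [
    'log_id=00000001 pri=alert msg="constructed attack entry"',
    'log_id=00000002 pri=information msg="constructed config change"',
    'log_id=00000003 pri=error msg="constructed error entry"',
    'log_id=00000004 pri=notification msg="form input contained pri=emergency"',
    'log_id=00000005 msg="constructed entry without a pri field"',
]

if __name__ == "__main__":
    for kept in filter_lines(SAMPLE, "Error"):
        print(kept)
```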

Avoid recording log messages using low log severity thresholds such as information or notification to the local hard disk for an extended period of time. A low log severity threshold is one possible cause of frequent logging. Excessive logging frequency can cause undue wear on the hard disk and may cause premature failure.
