Priority level
Each log message contains a Level (pri) field that indicates the estimated severity of the event that caused the log message, such as pri=warning, and therefore how high a priority it is likely to be.
Level (pri) associations with the descriptions below are not always uniform. They also may not correspond with your own definitions of how severe each event is. If you require notification when a specific event occurs, either configure SNMP traps or alert email by administrator-defined Severity Level (severity_level) or ID (log_id), not by Level (pri).
Approximate log priority levels
Level (0 is highest) | Name | Description |
0 | Emergency | The system has become unusable. |
1 | Alert | Immediate action is required. Used in attack logs. |
2 | Critical | Functionality is affected. |
3 | Error | An error condition exists and functionality could be affected. |
4 | Warning | Functionality could be affected. |
5 | Notification | Information about normal events. Used in traffic logs, and in event logs for administrator logins, time changes, and normal daemon actions. |
6 | Information | General information about system operations. Used in event logs for configuration changes. |
For each location where the FortiWeb appliance can store log files (disk, memory, Syslog or FortiAnalyzer), you can define a severity threshold. The FortiWeb appliance will store all log messages equal to or exceeding the log severity level you select.
For example, if you select Error, the FortiWeb appliance will store log messages whose log severity level is Error, Critical, Alert, and Emergency.
Avoid recording log messages using low log severity thresholds such as Information or Notification to the local hard disk for an extended period of time. A low log severity threshold is one possible cause of frequent logging. Excessive logging frequency can cause undue wear on the hard disk and may cause premature failure.
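The threshold rule above, applied to a handful of log lines, as an added example that is not part of the original documentation. It assumes the pri value is the lowercased level name from the table (only pri=warning appears on this page); the sample lines and their msg field are constructed.

```python
import re

# Names and numbers from the table above (0 is the highest severity).
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "information"]
RANK = {name: number for number, name in enumerate(LEVELS)}

# Matches pri=warning or pri="warning" (quoting is an assumption).
PRI_RE = re.compile(r'\bpri=("?)([A-Za-z]+)\1')

def pri_of(line):
    """Return the numeric level of a log line, or None if pri is missing or unknown."""
    match = PRI_RE.search(line)
    return RANK.get(match.group(2).lower()) if match else None

def stored(lines, threshold):
    """Split lines into (kept, unparsed) for a destination with this threshold.

    "Equal to or exceeding" the threshold means an equal or numerically
    LOWER level number, because 0 is the most severe. Lines without a
    recognisable pri are returned separately instead of being dropped.
    """
    limit = RANK[threshold.lower()]
    kept, unparsed = [], []
    for line in lines:
        level = pri_of(line)
        if level is None:
            unparsed.append(line)
        elif level <= limit:
            kept.append(line)
    return kept, unparsed

# Constructed sample lines; only the pri field matters here.
SAMPLE = [
    'pri=alert msg="constructed attack log entry"',
    'pri=error msg="constructed error entry"',
    'pri=warning msg="constructed warning entry"',
    'pri=notification msg="constructed traffic log entry"',
    'pri=information msg="constructed configuration change"',
    'msg="constructed entry with no pri field"',
]

if __name__ == "__main__":
    for threshold in ("Error", "Information"):
        kept, unparsed = stored(SAMPLE, threshold)
        print(f"{threshold}: {len(kept)} stored, {len(unparsed)} unparsed")
```

Running the same comparison over an exported log file shows how much more a destination would write at Information than at Error before the threshold is changed on the appliance.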