Traffic log enhancements (7.6.0)
Traffic log priority
You can run the following command to give attack logs a higher priority than traffic logs. With this setting enabled, if the logd queue is more than 80% full, FortiWeb stops generating traffic logs so that attack logs are processed first, and resumes generating them once the logd queue drops below 80%:
config log traffic-log
set low-priority enable
end
The following event logs are displayed to notify you of the logd status change:
- When the logd queue exceeds 80% and FortiWeb stops generating traffic logs, you will see the following event log:
Log ID=11000516, Log Level=Debug, MSG=Alog to server queue will be full, pause tlog for a while, Action=pause
- When the server queue drops below 80% and FortiWeb resumes generating traffic logs, you will see the following event log:
Log ID=11000514, Log Level=Debug, MSG=Alog to server queue is ok, resume tlog for a while, Action=resume
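While traffic logging is paused, there is no traffic log record for that period, so it is useful to reconstruct the pause windows from the two event logs above. The following Python code is an added example, not part of the original page and not Fortinet code: it pairs Log ID 11000516 with Log ID 11000514 to list each window. The date=/time=/log_id= line layout and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

PAUSE_ID, RESUME_ID = "11000516", "11000514"  # Log IDs from the page

# Assumed key=value layout; adjust the pattern to your log server's format.
LINE_RE = re.compile(
    r"date=(?P<date>\S+)\s+time=(?P<time>\S+).*?\blog_id=(?P<id>\d+)"
)

# Constructed sample lines (not real device output).
SAMPLE = """\
date=2024-05-01 time=10:00:05 log_id=11000516 type=event action=pause
date=2024-05-01 time=10:00:05 log_id=11000516 type=event action=pause
date=2024-05-01 time=10:02:35 log_id=11000514 type=event action=resume
date=2024-05-01 time=10:07:00 log_id=11000514 type=event action=resume
date=2024-05-01 time=11:15:00 log_id=11000516 type=event action=pause
"""


def traffic_log_gaps(lines):
    """Return [(start, end)] pause windows; end is None if the log ends paused."""
    gaps, paused_at = [], None
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["id"] not in (PAUSE_ID, RESUME_ID):
            continue
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        if m["id"] == PAUSE_ID:
            if paused_at is None:        # ignore repeated pause events
                paused_at = ts
        elif paused_at is not None:      # resume closes an open window
            gaps.append((paused_at, ts))
            paused_at = None
        # a resume with no preceding pause is ignored
    if paused_at is not None:
        gaps.append((paused_at, None))   # no resume seen before end of input
    return gaps


def total_paused_seconds(gaps):
    """Sum the duration of closed windows only."""
    return sum((end - start).total_seconds() for start, end in gaps if end)


if __name__ == "__main__":
    for start, end in traffic_log_gaps(SAMPLE.splitlines()):
        print(start, "->", end or "still paused at end of log")
```

An open window at the end of the input means no resume event was seen; treat traffic logs after that timestamp as incomplete until one arrives.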
Traffic packet payload size configurable
The maximum size of the traffic packet payload sent to log servers was 1024 bytes before version 7.4.3. This was extended to 4096 bytes in version 7.4.3.
Starting from version 7.6.0, you can set this maximum size yourself with the following command:
config log forti-analyzer
set traffic_packet_size <integer>
end
The default value is 1024, and the valid range is 1-4096.
Note that larger packet logs take FortiWeb longer to encrypt and compress, if the log server requires it. This increases the likelihood of the logd queue reaching 80% capacity, which may result in some traffic logs being dropped.