Priority level
Each log message contains a Level (pri) field that indicates the estimated severity of the event that caused the log message, such as pri=warning, and therefore how high a priority it is likely to be.
Level (pri) associations with the descriptions below are not always uniform. They also may not correspond with your own definitions of how severe each event is. If you require notification when a specific event occurs, either configure SNMP traps or alert email by administrator-defined Severity Level (severity_level) or ID (log_id), not by Level (pri).
Approximate log priority levels
| Level (0 is highest) | Name | Description |
|---|---|---|
| 0 | Emergency | The system has become unusable. |
| 1 | Alert | Immediate action is required. |
| 2 | Critical | Functionality is affected. |
| 3 | Error | An error condition exists and functionality could be affected. |
| 4 | Warning | Functionality could be affected. |
| 5 | Notification | Information about normal events. |
| 6 | Information | General information about system operations. |
The priority levels vary across log types:
- Event logs include all priority levels listed in the table.
- Attack logs are always assigned the Alert level.
- Traffic logs are always assigned the Notification level.
For each location where the FortiWeb appliance can store log files (disk, memory, Syslog or FortiAnalyzer), you can define a severity threshold. The FortiWeb appliance will store all log messages equal to or exceeding the log severity level you select. For example, if you select Error, the FortiWeb appliance will store log messages whose log severity level is Error, Critical, Alert, and Emergency.
Avoid recording log messages using low log severity thresholds such as information or notification to the local hard disk for an extended period of time. A low log severity threshold is one possible cause of frequent logging. Excessive logging frequency can cause undue wear on the hard disk and may cause premature failure.
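The following added example (not Fortinet code) applies the severity threshold rule described above to a handful of log lines and reports, per log type, how many messages a given threshold would keep. The sample lines are constructed; the `type=` field, the lower-cased level names other than `warning`, and the choice to keep lines with an unrecognized `pri` are assumptions of this example.

```python
import re

# Level numbers from the table above (0 is highest). Lower-cased names are an
# assumption modelled on the page's `pri=warning` example.
LEVELS = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
          "warning": 4, "notification": 5, "information": 6}

# key=value pairs, where the value is either "quoted text" or a bare token
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_fields(line):
    """Split a key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def is_stored(line, threshold):
    """True if the line's pri is equal to or more severe than the threshold."""
    pri = parse_fields(line).get("pri", "").lower()
    if pri not in LEVELS:
        # Example's own choice: keep lines whose level cannot be determined
        return True
    return LEVELS[pri] <= LEVELS[threshold.lower()]

def stored_by_type(lines, threshold):
    """Return {log type: (messages kept, messages seen)} for a threshold."""
    counts = {}
    for line in lines:
        log_type = parse_fields(line).get("type", "unknown")
        kept, seen = counts.get(log_type, (0, 0))
        counts[log_type] = (kept + int(is_stored(line, threshold)), seen + 1)
    return counts

# Constructed sample lines, not captured from a real appliance
SAMPLE = [
    'type=event pri=information msg="Administrator logged in"',
    'type=event pri=error msg="Scheduled backup failed"',
    'type=event pri=critical msg="Interface link down"',
    'type=attack pri=alert msg="Request blocked by signature"',
    'type=traffic pri=notification msg="HTTP request served"',
    'type=traffic pri=notification msg="HTTP request served"',
]

if __name__ == "__main__":
    for threshold in ("Error", "Notification", "Information"):
        print(threshold, stored_by_type(SAMPLE, threshold))
```

With the threshold set to Error, every attack log is kept and no traffic log is, because those two log types always carry the Alert and Notification levels respectively.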