The logging facility is one of the most useful tools of the FortiGate firewall. See with us how to enable it and get it working properly. Stay with us!
2. INTRODUCTION
One of the most useful tools on the FortiGate machine is the logging facility.
There are several methods to enable logging; they differ in the destination used to store the logs. You can keep them in a circular buffer in the system memory, on the system hard disk (if your system has one), or send them to a FortiManager station, to a FortiAnalyzer or to the FortiCloud service (if you have a subscription).
In the following slides, we will show you how to enable logging and give some tips to get it working whether you choose to use the system memory or the hard disk.
3. CONFIGURING LOGGING
To configure logging, go to: Log & Report > Log Config > Log Settings
In our example we have chosen to send logs to the hard disk. This destination is configured by checking the Disk check box under the “Logging and Archiving” section.
Be sure that under the “GUI Preferences” section the “Display Logs From” option is set to Disk. This setting is required in order to get logs from the correct source when you try to read them from Log & Report > Traffic Log > Forward Traffic or from Log & Report > Event Log > System.
4. CONFIGURING LOGGING – CONTINUED
It may happen that the Disk option is not available under the “Logging and Archiving” menu. This can happen when the system disk is not installed or when logging to disk has been disabled using the CLI.
To enable logging to disk, connect to the FortiGate CLI and enter the following commands:
config log disk setting
set status enable
end
It may also happen that the Disk option is not available under the “Display Logs From” menu. This can happen when the system disk is not formatted. To check for this, use the following command from the system CLI:
get system status
If you get “Log hard disk: Need format”, a disk format is required. Use the following command to execute it:
execute formatlogdisk
The system will reboot and then you will be able to configure the above option.
5. CONFIGURING LOGGING – CONTINUED
If you want to enable logging to the system memory (in case the hard disk is not available), activate it using the following CLI commands:
config log memory setting
set status enable
end
Then Memory should be selected in the “Display Logs From” menu.
Only a reduced set of logs will be available with this method because the circular buffer is limited in size.
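The checks from slides 3 to 5 combined into one triage script, as an added example that is not part of the original slides: it reads saved output of `get system status` and of the two log setting blocks and returns the steps that still apply. The sample captures, the `Not available` disk value, the use of `show full-configuration` to obtain the blocks, and the function names are assumptions made for this example.

```python
import re

# Constructed CLI captures, not from a real device. "Need format" is the value
# quoted on the page; "Not available" for a missing disk is an assumption.
SAMPLE_STATUS = "Hostname: fw-lab\nLog hard disk: Need format\n"
# Assumed to come from "show full-configuration" so default values are listed.
SAMPLE_CONFIG = """\
config log disk setting
    set status disable
end
config log memory setting
    set status enable
end
"""

def log_disk_state(status_text):
    """Value of the 'Log hard disk' line in 'get system status', or None."""
    m = re.search(r"^\s*Log hard disk:\s*(.+?)\s*$", status_text, re.M)
    return m.group(1) if m else None

def log_status(config_text):
    """Map 'disk'/'memory' to the 'set status' value inside its config block."""
    result, target = {}, None
    for line in config_text.splitlines():
        words = line.split()
        if len(words) == 4 and words[:2] == ["config", "log"] and words[3] == "setting":
            target = words[2]
        elif words == ["end"]:
            target = None
        elif target and len(words) == 3 and words[:2] == ["set", "status"]:
            result[target] = words[2]
    return result

def triage(status_text, config_text):
    """Return the steps from the slides that still apply, in order."""
    state = log_disk_state(status_text)
    status = log_status(config_text)
    if state is None or state.lower() == "not available":
        # No usable disk: fall back to the in-memory circular buffer.
        if status.get("memory") == "enable":
            return []
        return ["config log memory setting: set status enable"]
    steps = []
    if status.get("disk") != "enable":
        steps.append("config log disk setting: set status enable")
    if state.lower() == "need format":
        steps.append("execute formatlogdisk (erases the log disk, then reboots)")
    return steps

if __name__ == "__main__":
    for step in triage(SAMPLE_STATUS, SAMPLE_CONFIG):
        print(step)
```

An empty result means the selected destination is already usable and only the “Display Logs From” preference remains to be set in the GUI.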
6. DISPLAYING LOGS
Logs can be viewed under Log & Report > Log Config; then choose which log you want to view.
For example, “Traffic Logs” shows logs related to the traffic flowing through the firewall, while “Event Logs” shows system-related events.
NOTE: In the example there is a column with the “Application Name”. This information is available only when Application Control is enabled (shown in future postings).
7. MORE NEEDS?
See hints on www.ipmax.it
Or email us your questions to info_ipmax@ipmax.it
8. IPMAX
IPMAX is a Fortinet Partner in Italy.
IPMAX is the ideal partner for companies seeking quality in products and
services. IPMAX guarantees method and professionalism to support its
customers in selecting technologies with the best quality / price ratio, in the
design, installation, commissioning and operation.
IPMAX srl
Via Ponchielli, 4
20063 Cernusco sul Naviglio (MI) – Italy
+39 02 9290 9171