config log setting local
Use this command to configure basic log settings.
The local log is a datastore hosted on the FortiADC system.
Typically, you use the local log to capture information about system health and system administration activities. We recommend that you use local logging during evaluation and verification of your initial deployment, and then configure remote logging to send logs to a log management repository where they can be stored long term and analyzed using preferred analytic tools.
Local log disk settings are configurable. You can select a subset of system events, traffic, and security logs.
Before you begin:
You must have read-write permission for log settings.
Syntax
config log setting local
set attack-log-cached-lines {0|100|500|800|1000|2000|5000|10000}
set attack-log-category {synflood ipreputation waf geo}
set attack-log-status {enable|disable}
set disk-full {overwrite | nolog}
set event-log-cached-lines {0|100|500|800|1000|2000|5000|10000}
set event-log-category {admin app configuration system user}
set event-log-status {enable|disable}
set loglevel {alert | critical | debug | emerge | error | information | notification | warning}
set rate_limit <integer>
set rotation-size <integer>
set status {enable|disable}
set traffic-log-cached-lines {0|100|500|800|1000|2000|5000|10000}
set traffic-log-category {slb dns}
set traffic-log-status {enable|disable}
end
attack-log-cached-lines
Limit the number of logs that are cached. The default is 0 (disabled). Valid values are 100, 500, 800, 1000, 2000, 5000, 10000. If set to 0, every generated log is written to disk immediately. If set to 1000, logs are written to disk in batches of 1000.
attack-log-category
synflood—SYN flood protection logs.
ipreputation—IP Reputation logs.
waf—WAF logs.
geo—Geo logs.
attack-log-status
Enable/disable logging for the category.
disk-full
Specify log behavior when the maximum disk space for local logs (30% of total disk space) is reached:
overwrite—Continue logging. Overwrite the earliest logs.
nolog—Stop logging.
event-log-cached-lines
Limit the number of logs that are cached. The default is 0 (disabled). Valid values are 100, 500, 800, 1000, 2000, 5000, 10000. If set to 0, every generated log is written to disk immediately. If set to 1000, logs are written to disk in batches of 1000.
event-log-category
Specify the types of events to collect in the local log:
Configuration—Configuration changes.
Admin—Administrator actions.
Application—Health check results.
System—System operations, warnings, and errors.
User—Authentication results.
event-log-status
Enable/disable logging for the category.
loglevel
Specify the lowest severity for which alerts are sent:
Emergency—The system has become unstable.
Alert—Immediate action is required.
Critical—Functionality is affected.
Error—An error condition exists and functionality could be affected.
Warning—Functionality might be affected.
Notification—Information about normal events.
Information—General information about system operations.
Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior.
For example, if you select error, the system sends alerts with level Error, Critical, Alert, and Emergency. If you select alert, the system sends alerts with level Alert and Emergency.
rate_limit
Rate limit logging (logs/second). The default is 0 (disabled).
rotation-size
Maximum size for a local log file. The default is 200 MB. When the current log file reaches this size, a new file is created.
status
Enable/disable local logging.
traffic-log-cached-lines
Limit the number of logs that are cached. The default is 0 (disabled). Valid values are 100, 500, 800, 1000, 2000, 5000, 10000. If set to 0, every generated log is written to disk immediately. If set to 1000, logs are written to disk in batches of 1000.
traffic-log-category
slb—Server load balancing logs.
dns—Global load balancing logs.
traffic-log-status
Enable/disable logging for the category.
 
Example
FortiADC-VM # config log setting local
 
FortiADC-VM (local) # get
status : enable
rotation-size : 200
disk-full : overwrite
loglevel : information
event-log-status : enable
event-log-category : configuration admin app system user
traffic-log-status : disable
attack-log-status : disable
rate_limit : 0
 
FortiADC-VM (local) # end
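
The following added example (not part of the original page and not Fortinet code) parses the `get` output shown above and lists the settings that reduce or delay what the local log records. The function names, the mapping of the `emerge` keyword to Emergency, and the Warning-and-above baseline are assumptions; the sample input is constructed from the Example section.

```python
# Added example, not Fortinet code. Severity order is the page's loglevel list.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]

# Constructed sample: the `get` output from the page's Example section.
SAMPLE_GET = """\
status : enable
rotation-size : 200
disk-full : overwrite
loglevel : information
event-log-status : enable
event-log-category : configuration admin app system user
traffic-log-status : disable
attack-log-status : disable
rate_limit : 0
"""

def parse_get(text):
    """Parse 'key : value' lines; prompt and blank lines have no ' : '."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def logged_severities(loglevel):
    """Severities recorded at `loglevel` (assumes CLI 'emerge' = Emergency)."""
    name = "emergency" if loglevel == "emerge" else loglevel
    return SEVERITIES[:SEVERITIES.index(name) + 1]

def audit(settings):
    """List settings that reduce or delay what the local log records."""
    findings = []
    if settings.get("status") != "enable":
        findings.append("status: local logging is disabled")
    for kind in ("event", "traffic", "attack"):
        if settings.get(f"{kind}-log-status") != "enable":
            findings.append(f"{kind}-log-status: {kind} logs are not recorded")
        cached = int(settings.get(f"{kind}-log-cached-lines", "0"))
        if cached:
            findings.append(f"{kind}-log-cached-lines: written in batches of {cached}")
    if settings.get("disk-full") == "nolog":
        findings.append("disk-full: logging stops when the disk quota is reached")
    if settings.get("rate_limit", "0") != "0":
        findings.append(f"rate_limit: capped at {settings['rate_limit']} logs/second")
    # Assumed baseline (not from the page): keep Warning and more severe.
    if "warning" not in logged_severities(settings.get("loglevel", "information")):
        findings.append("loglevel: Warning-level entries are filtered out")
    return findings
```

Calling `audit(parse_get(SAMPLE_GET))` on the sample reports the disabled traffic and attack log categories.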