Configuring local log settings

The local log is a datastore hosted on the FortiADC system.

Typically, you use the local log to capture information about system health and system administration activities. We recommend that you use local logging during evaluation and verification of your initial deployment, and then configure remote logging to send logs to a log management repository, where they can be stored long term and analyzed with your preferred analytic tools.

Local log disk settings are configurable. You can select a subset of system events, traffic, and security logs.

Before you begin:

To configure local log settings:
  1. Go to Log & Report > Log Setting.
  2. The configuration page displays the Local Log tab.

  3. Complete the configuration as described in Table 123.
  4. Save the configuration.

Table 123: Local logging configuration

Settings | Guidelines

Status | Select to enable local logging.

File Size | Maximum disk space for a local log file. The default is 200 MB. When the current log file reaches this size, a new file is created.

Log Level | Select the lowest severity to log from the following choices:

  • Emergency—The system has become unstable.
  • Alert—Immediate action is required.
  • Critical—Functionality is affected.
  • Error—An error condition exists and functionality could be affected.
  • Warning—Functionality might be affected.
  • Notification—Information about normal events.
  • Information—General information about system operations.
  • Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior.

For example, if you select Error, the system collects logs with level Error, Critical, Alert, and Emergency. If you select Alert, the system collects logs with level Alert and Emergency.

Disk Full | Select log behavior when the maximum disk space for local logs (30% of total disk space) is reached:

  • Overwrite—Continue logging. Overwrite the earliest logs.
  • No Log—Stop logging.

Event | Select to enable logging for events.

Event Category | Select the types of events to collect in the local log:

  • Configuration—Configuration changes.
  • Admin—Administrator actions.
  • System—System operations, warnings, and errors.
  • User—Authentication results logs.
  • Health Check—Health check results and client certificate validation check results.
  • SLB—Notifications, such as connection limit reached.
  • LLB—Notifications, such as bandwidth thresholds reached.
  • GLB—Notifications, such as the status of associated local SLB and virtual servers.
  • Firewall—Notifications for the "firewall" module, such as an SNAT source IP pool using all of its addresses.

Traffic | Select to enable logging for traffic processed by the load balancing modules.

Traffic Category |

  • SLB—Server Load Balancing traffic logs related to sessions and throughput.
  • GLB—Global Load Balancing traffic logs related to DNS requests.

Attack Logging | Select to enable logging for traffic processed by the security modules.

Security Category |

  • DoS—SYN flood protection logs.
  • IP Reputation—IP Reputation logs.
  • WAF—WAF logs.
  • Geo—Geo IP blocking logs.
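
How the Log Level, File Size and Disk Full settings interact, as an added example that is not FortiADC code: a small Python model run over a constructed event stream. Sizes are scaled-down units rather than MB, the class and function names are hypothetical, and freeing one whole file at a time under Overwrite is an assumption (the table says only that the earliest logs are overwritten).

```python
from collections import deque

# Severity names from the Log Level list above, most severe first.
LEVELS = ["Emergency", "Alert", "Critical", "Error",
          "Warning", "Notification", "Information", "Debug"]

class LocalLogModel:
    """Toy model of the local log settings; not FortiADC code."""
    def __init__(self, log_level, file_size, disk_budget, disk_full):
        self.threshold = LEVELS.index(log_level)   # lowest severity kept
        self.file_size = file_size                 # rotate at this size
        self.disk_budget = disk_budget             # cap for all local logs
        self.disk_full = disk_full                 # "Overwrite" or "No Log"
        self.files = deque([[]])                   # earliest file first
        self.stopped = False
        self.filtered = self.lost = 0

    def _used(self):
        return sum(size for f in self.files for _, size in f)

    def write(self, level, msg, size):
        if LEVELS.index(level) > self.threshold:   # less severe than selected
            self.filtered += 1
            return False
        over = self._used() + size > self.disk_budget
        if self.stopped or (over and self.disk_full == "No Log"):
            self.stopped = True                    # logging stays off
            self.lost += 1
            return False
        # Assumption: Overwrite frees space one whole (earliest) file at a time.
        while len(self.files) > 1 and self._used() + size > self.disk_budget:
            self.lost += len(self.files.popleft())
        if sum(s for _, s in self.files[-1]) + size > self.file_size:
            self.files.append([])                  # current file is full
        self.files[-1].append((msg, size))
        return True

    def retained(self):
        return [msg for f in self.files for msg, _ in f]

def run(disk_full):
    """Feed a constructed event stream through the model."""
    log = LocalLogModel("Error", file_size=200, disk_budget=600, disk_full=disk_full)
    events = [("Error", f"e{i}", 100) for i in range(8)]
    events.insert(3, ("Debug", "noise", 100))      # below the Error threshold
    events.insert(5, ("Alert", "admin-lockout", 100))
    for level, msg, size in events:
        log.write(level, msg, size)
    return log
```

With No Log the model keeps the earliest events and misses everything after the budget is reached; with Overwrite it keeps the most recent events and loses the earliest files.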