Configuring local log settings

Typically, you use the local log to capture information about system health and system administration activities, to verify that your configuration and tunings behave as expected, and to understand threats in recent traffic periods. It is both standard practice and best practice to send security log data to secure remote servers where it can be stored long term and analyzed using preferred analytic tools.

Table 53: Local logging configuration guidelines
Settings	Guidelines
Logging and Archiving
Disk	Select to display settings to manage the disk used for logging.
Minimum log level	Select the lowest severity to log from the following choices: • Emergency—The system has become unstable. • Alert—Immediate action is required. • Critical—Functionality is affected. • Error—An error condition exists and functionality could be affected. • Warning—Functionality might be affected. • Notification—Information about normal events. • Information—General information about system operations. • Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior. For example, if you select Error, the system collects logs with level Error, Critical, Alert, and Emergency. If you select Alert, the system collects logs with level Alert and Emergency. The log level setting applies to both system events and DDoS security events. Tip: To prolong disk life, do not collect notification, information, and debug level logs for long periods of time.
Log file rotate size	Maximum disk space for local logs. The default is 500 MB.
When log disk full	Select log behavior when the maximum disk space for local logs is reached: • Overwrite—Continue logging. Overwrite the earliest logs. • No Log—Stop logging.
Event Logging	Select to enable event logging and then select the types of events that you want included in the event log.