log : disk filter
 
disk filter
Use this command to define the types of log messages sent to the disk log.
This command is available only on FortiGate units with hard disks.
Syntax
config log disk filter
set admin {enable | disable}
set anomaly {enable | disable}
set auth {enable | disable}
set dhcp {enable | disable}
set dlp-archive {enable | disable}
set event {enable | disable}
set forward-traffic {enable | disable}
set gtp {enable | disable}
set ha {enable | disable}
set ipsec {enable | disable}
set local-traffic {enable | disable}
set mass-mms {enable | disable}
set multicast-traffic {enable | disable}
set netscan-discovery {enable | disable}
set netscan-vulnerability {enable | disable}
set ppp {enable | disable}
set radius {enable | disable}
set severity {alert | critical | debug | emergency | error | information | notification | warning}
set sniffer-traffic {enable | disable}
set system {enable | disable}
set voip {enable | disable}
end
Variable
Description
Default
admin {enable | disable}
Enable or disable logging of administrator-related messages.
enable
anomaly {enable | disable}
Enable or disable logging all detected and prevented attacks based on unknown or suspicious traffic patterns, and the action taken by the FortiGate unit in the attack log. This field is available when attack is enabled.
enable
auth {enable | disable}
Enable or disable logging of authentication-related messages.
enable
dhcp {enable | disable}
Enable or disable logging of DHCP-related messages.
enable
dlp-archive {enable | disable}
Enable or disable logging of data leak prevention content archive events. (FortiAnalyzer only.)
enable
event {enable | disable}
Enable or disable logging of event messages.
enable
forward-traffic {enable | disable}
Enable or disable logging of forwarded traffic messages.
enable
gtp {enable | disable}
Enable or disable FortiOS Carrier logging for GTP messages.
enable
ha {enable | disable}
Enable or disable logging of HA-related messages.
enable
ipsec {enable | disable}
Enable or disable logging of IPsec-related messages.
enable
local-traffic {enable | disable}
Enable or disable logging of local-in or local-out traffic messages.
enable
mass-mms {enable | disable}
Enable or disable FortiOS Carrier logging of a large amount of MMS blocked messages.
enable
multicast-traffic {enable | disable}
Enable or disable logging of multicast traffic messages.
enable
netscan-discovery {enable | disable}
Enable or disable logging of netscan discovery events.
enable
netscan-vulnerability {enable | disable}
Enable or disable logging of netscan vulnerability events.
enable
ppp {enable | disable}
Enable or disable logging of PPP-related messages.
enable
radius {enable | disable}
Enable or disable logging of RADIUS-related messages.
enable
severity {alert | critical | debug | emergency | error | information | notification | warning}
Select the logging severity level. The FortiGate unit logs all messages at and above the logging severity level you select. For example, if you select error, the unit logs error, critical, alert and emergency level messages.
emergency - The system is unusable.
alert - Immediate action is required.
critical - Functionality is affected.
error - An erroneous condition exists and functionality is probably affected.
warning - Functionality might be affected.
notification - Information about normal events.
information - General information about system operations.
debug - Information used for diagnosing or debugging the FortiGate unit.
information
sniffer-traffic {enable | disable}
Enable or disable logging of sniffer traffic messages.
enable
system {enable | disable}
Enable or disable logging of system messages.
enable
voip {enable | disable}
Enable or disable logging of VOIP messages.
enable