log : disk setting
 
disk setting
Use this command to configure log settings for logging to the local disk. Disk logging is only available for FortiGate units with an internal hard disk. You can also use this command to configure the FortiGate unit to upload current log files to an FTP server every time the log files are rolled.
If you have an AMC disk installed on your FortiGate unit, you can use disk setting to configure logging of traffic to the AMC disk. The AMC disk behaves as a local disk after being inserted into the FortiGate unit and the FortiGate unit rebooted. You can view logs from Log&Report > Log Access > Disk when logging to an AMC disk.
You can also use this command to enable SQL logs for different log types. SQL logs are stored in an SQLlite database format. The main advantage of SQL log format is that it supports enhanced reports. For information about the report commands, see “report”:
 
AMC disk is supported on all FortiGate units that have single-width AMC slots.
Syntax
config log disk setting
set status {enable | disable}
set diskfull {nolog | overwrite}
set dlp-archive-quota <integer>
set full-first-warning threshold
set full-second-warning threshold
set full-final-warning threshold
set ips-archive {enable | disable}
set log-quota <integer>
set maximum-log-age <days_int>
set max-log-file-size <integer  max>
set max-policy-packet-capture-size <size_int>
set report-quota <integer>
set roll-schedule {daily | weekly}
set roll-time <hh:mm>
set source-ip <address_ipv4>
set storage <name>
set upload {enable | disable}
set upload-delete-files {enable | disable}
set upload-destination {ftp-server}
set upload-ssl-conn {default | high | low | disable}
set uploaddir <dir_name_str>
set uploadip <class_ip>
set uploadpass <passwd>
set uploadport <port_integer>
set uploadsched {enable | disable}
set uploadtime <hour_integer>
set uploadtype {attack event im spamfilter traffic virus voip webfilter}
set uploaduser <user_str>
set uploadzip {enable | disable}
end
 
Variable
Description
Default
status
{enable | disable}
Enter to either enable or disable logging to the local disk.
disable
diskfull
{nolog | overwrite}
Enter the action to take when the local disk is full. When you enter nolog, the FortiGate unit will stop logging; overwrite will begin overwriting the oldest file once the local disk is full.
overwrite
dlp-archive-quota <integer>
Enter the amount (in MB) of disk space allocated for DLP logs.
0
full-first-warning threshold
Enter to configure the first warning before reaching the threshold. You can enter a number between 1 and 100.
75
full-second-warning threshold
Enter to configure the second warning before reaching the threshold. You can enter a number between 1 and 100.
90
full-final-warning threshold
Enter to configure the final warning before reaching the threshold. You can enter a number between 1 and 100.
95
ips-archive {enable | disable}
Enable IPS packet archive logs.
enable
log-quota <integer>
Enter the amount (in MB) of disk space allocated for disk logging.
0
maximum-log-age <days_int>
Enter the maximum age for logs. Logs older than this are purged.
7
max-log-file-size
<integer  max>
Enter the maximum size of the log file (in MB) that is saved to the local disk.
When the log file reaches the specified maximum size, the FortiGate unit saves the current log file and starts a new active log file. The default minimum log file size is 1 MB and the maximum log file size allowed is 1024MB.
100
max-policy-packet-capture-size <size_int>
Enter the maximum packet capture size in firewall policies.
10
report-quota <integer>
Enter the amount (in MB) of disk space allocated for report logs.
0
roll-schedule
{daily | weekly}
Enter the frequency of log rolling. When set, the FortiGate unit will roll the log event if the maximum size has not been reached.
daily
roll-time
<hh:mm>
Enter the time of day, in the format hh:mm, when the FortiGate unit saves the current log file and starts a new active log file.
00:00
source-ip
<address_ipv4>
Enter the source IP address of the disk log uploading.
0.0.0.0
storage <name>
Enter a name for the storage log file. This option is only available when the current vdom is the management vdom.
 
upload
{enable | disable}
Enable or disable uploading log files to a remote directory. Enable upload to upload log files to an FTP server whenever a log file rolls.
Use the uploaddir, uploadip, uploadpass, uploadport, and uploaduser fields to add this information required to connect to the FTP server and upload the log files to a specific location on the server.
Use the uploadtype field to select the type of log files to upload.
Use the upload-delete-files field to delete the files from the hard disk once the FortiGate unit completes the file transfer.
All upload fields are available after enabling the upload command.
disable
upload-delete-files
{enable | disable}
Enable or disable the removal of the log files once the FortiGate unit has uploaded the log file to the FTP server.
enable
upload-destination {ftp-server}
Set upload destination. FTP server is the only option.
ftp-server
upload-ssl-conn {default | high | low | disable}
Set encryption strength for communications between the FortiGate unit and FortiAnalyzer. Available when upload-destination is fortianalyzer.
high — use SSL with 128-bit and larger key length algorithms: DHE‑RSA‑AES256‑SHA, AES256‑SHA, EDH‑RSA‑DES‑CBC3‑SHA, DES‑CBC3‑SHA, DES‑CBC3‑MD5, DHE‑RSA‑AES128‑SHA, AES128‑SHA
low — use SSL with 64-bit or 56-bit key length algorithms without export restrictions: EDH‑RSA‑DES‑CDBC‑SHA, DES‑CBC‑SHA, DES‑CBC‑MD5
default — use SSL with high strength algorithms and these medium-strength 128-bit key length algorithms: RC4‑SHA, RC4‑MD5, RC4‑MD
disable — disable the use of SSL.
default
uploaddir
<dir_name_str>
Enter the name of the path on the FTP server where the log files will be transferred to. If you do not specify a remote directory, the log files are uploaded to the root directory of the FTP server.
No default.
uploadip
<class_ip>
Enter the IP address of the FTP server. This is required.
0.0.0.0
uploadpass
<passwd>
Enter the password required to connect to the FTP server. This is required.
No default.
uploadport
<port_integer>
Enter the port number used by the FTP server. The default port is 21. Port 21 is the standard FTP port.
21
uploadsched
{enable | disable}
Enable log uploads at a specific time of the day. When set to disable, the FortiGate unit uploads the logs when the logs are rolled.
disable
uploadtime
<hour_integer>
Enter the time of day (hour only) when the FortiGate unit uploads the logs. The uploadsched setting must first be set to enable.
0
uploadtype
{attack event im spamfilter traffic virus voip webfilter}
Select the log files to upload to the FTP server. You can enter one or more of the log file types separated by spaces. Use a space to separate the log file types. If you want to remove a log file type from the list or add a log file type to the list, you must retype the list with the log file type removed or added.
traffic
event
spamfilter
virus
webfilter
voip
im
uploaduser
<user_str>
Enter the user account for the upload to the FTP server. This is required.
No default.
uploadzip
{enable | disable}
Enter enable to compress the log files after uploading to the FTP server. If disable is entered, the log files are uploaded to the FTP server in plain text format.
disable