log : setting
 
setting
Use this command to configure general logging settings.
Syntax
config log setting
set brief-traffic-format {enable | disable}
set daemon-log {enable | disable}
set fwpolicy-implicit-log {enable | disable}
set fwpolicy6-implicit-log {enable | disable}
set gui-location <location>
set local-in-admin {enable | disable}
set local-in-allow {enable | disable}
set local-in-deny-broadcast {enable | disable}
set local-in-deny-unicast {enable | disable}
set local-in-fortiguard {enable | disable}
set local-in-other {enable | disable}
set local-out {enable | disable}
set log-invalid-packet {enable | disable}
set log-user-in-upper {enable | disable}
set neighbor-event {enable | disable}
set resolve-ip {enable | disable}
set resolve-port {enable | disable}
set user-anonymize {enable | disable}
end
Variable
Description
Default
brief-traffic-format {enable | disable}
Use brief format for traffic log.
disable
daemon-log {enable | disable}
Collect daemon log.
disable
fwpolicy-implicit-log {enable | disable}
Collect firewall implicit policy log.
disable
fwpolicy6-implicit-log {enable | disable}
Collect firewall implicit policy6 log.
disable
gui-location <location>
Set which logs to display: disk, fortianalyzer, fortiguard, or memory.
fortiguard
local-in-admin {enable | disable}
Collect local-in policy admin access log.
enable
local-in-allow {enable | disable}
Collect local-in policy accepted log.
enable
local-in-deny-broadcast {enable | disable}
Collect local-in policy dropped broadcast log.
 
disable
local-in-deny-unicast {enable | disable}
Collect local-in policy dropped unicast log.
 
enable
local-in-fortiguard {enable | disable}
Collect local-in policy FortiGuard log.
enable
local-in-other {enable | disable}
Collect local-in-other policy log.
enable
local-out {enable | disable}
Collect local-out log.
disable
log-invalid-packet {enable | disable}
Enable ICSA compliant logs for the VDOM. Independent of traffic log settings, traffic log entries are generated:
for all ICMP packets
for session start and on session deletion
This setting is not rate limited. A large volume of invalid packets can dramatically increase the number of log entries, affecting device performance.
disable
log-user-in-upper {enable | disable}
Collect log with user-in-upper.
disable
neighbor-event {enable | disable}
Collect neighbor-event log (ARP and IPv6 neighbor discovery events).
disable
resolve-ip {enable | disable}
Resolve ip address in traffic log to domain name if possible.
disable
resolve-port {enable | disable}
Resolve port number in traffic log to service name if possible.
disable
user-anonymize {enable | disable}
Enable or disable replacing user name with “anonymous” in logs.
disable