Configuring logging to the hard disk
You can store log messages locally on the hard disk of the FortiMail unit.
To ensure that the local hard disk has sufficient space to store new log messages and that it does not overwrite existing logs, regularly download backup copies of the oldest log files to your management computer or other storage, and then delete them from the FortiMail unit. (Alternatively, you could configure logging to a remote host.)
You can view and download these logs from the Log submenu of the Monitor tab. For more information, see “Viewing log messages”.
For logging accuracy, you should also verify that the FortiMail unit’s system time is accurate. For details, see “Configuring the time and date”.
To access this part of the web UI, your administrator account’s:
Domain must be System
Access profile must have Read or Read-Write permission to the Others category
For details, see “About administrator account permissions and domains”.
To configure logging to the local hard disk
1. Go to Log and Report > Log Settings > Local Log Settings.
2. Select the Enable option to allow logging to the local hard disk.
3. In Log file size, enter the file size limit of the current log file in megabytes (MB).
4. In Log time, enter the file age limit in days. The valid range is 1 to 366 days.
5. In At hour, enter the hour of the day (24-hour format) when the file rotation should start.
When a log file reaches either the age or size limit, the FortiMail unit rotates the current log file: it renames the current log file (elog.log) with a file name indicating its sequential relationship to other log files of that type (elog2.log, and so on), then creates a new current log file. For example, if you set the log time to 10 days at hour 23, the log file is rotated at 23:00 on the 10th day.
Large log files may decrease display and search performance.
6. From Log level, select the severity level that a log message must equal or exceed in order to be recorded to this storage location.
Avoid recording log messages using low severity thresholds such as Information or Notification to the local hard disk for an extended period of time. A low log severity threshold is one possible cause of frequent logging. Excessive logging frequency can cause undue wear on the hard disk and may cause premature failure.
For information about severity levels, see “Log message severity levels”.
7. From Log options when disk is full, select what the FortiMail unit will do when the local disk is full and a new log message is generated, either:
Do not log: Discard all new log messages.
Overwrite: Delete the oldest log file in order to free disk space, and store the new log message.
8. In Logging Policy Configuration, enable the types of logs that you want to record to this storage location. Click the arrow to review the options. For details, see “Choosing which events to log”.
9. Click Apply.
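The rotation limits in steps 3 to 5 and the disk-full option in step 7 together decide which log messages survive on a full disk. The following is an added example, not Fortinet code: it replays constructed events through a simplified model of that behavior. The function name `simulate`, counting sizes in messages rather than MB, and the exact moment the age limit falls due are assumptions.

```python
from collections import deque

def simulate(events, size_limit, log_time, at_hour, disk_capacity, when_full):
    """Replay (hour, msg_id) events through a simplified model of local logging.

    Assumptions: sizes are counted in messages, not MB; the age limit falls due
    at at_hour, log_time days after the day the current file got its first entry.
    when_full is "do_not_log" or "overwrite".
    Returns (files oldest-first with the current file last, lost message ids).
    """
    rotated, current, created_day, lost = deque(), [], 0, []
    for hour, msg_id in events:
        due = (created_day + log_time) * 24 + at_hour
        if current and (len(current) >= size_limit or hour >= due):
            rotated.append(current)      # current file becomes a rotated file
            current = []
        used = len(current) + sum(len(f) for f in rotated)
        if used >= disk_capacity:
            if when_full == "do_not_log" or not rotated:
                lost.append(msg_id)      # the new message is discarded
                continue
            lost.extend(rotated.popleft())  # the oldest log file is deleted
        if not current:
            created_day = hour // 24
        current.append(msg_id)
    return [*rotated, current], lost

# Constructed sample: one message every 12 hours for six days.
SAMPLE = [(h, h // 12) for h in range(0, 144, 12)]

if __name__ == "__main__":
    for policy in ("do_not_log", "overwrite"):
        files, lost = simulate(SAMPLE, size_limit=3, log_time=2, at_hour=23,
                               disk_capacity=6, when_full=policy)
        print(policy, "files:", files, "lost:", lost)
```

With Do not log, the unit keeps the oldest messages and records nothing new once the disk fills; with Overwrite, it keeps recording but the oldest files disappear unless they were downloaded first.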