Configuring rolling and uploading of devices’ logs
You can control devices’ log file size and consumption of the FortiManager’s disk space by configuring log rolling and scheduled uploads to a server.
As the FortiAnalyzer unit receives new log items, it performs the following tasks:
• verifies whether the log file has exceeded its file size limit
• if the file size limit has not been exceeded, checks whether it is time to roll the log file.
Configure the roll schedule as either daily or weekly, and set the time at which the roll occurs. When a current log file (tlog.log) reaches its maximum size, or reaches the scheduled time, the FortiManager unit rolls the active log file by renaming the file. The file name will be in the form of xlog.N.log (for example, tlog.1252929496.log), where x is a letter indicating the log type and N is a unique number corresponding to the time the first log entry was received. The file modification time will match the time when the last log was received in the log file.
Once the current log file is rolled into a numbered log file, it will not be changed. New logs will be stored in the new current log called tlog.log. If log uploading is enabled, once logs are uploaded to the remote server or downloaded via the Web-based Manager, they are in the following format:
FG3K6A3406600001-tlog.1252929496.log-2012-09-29-08-03-54.gz
If you have enabled log uploading, you can choose to automatically delete the rolled log file after uploading, which frees the disk space used by rolled log files. If the log upload fails, such as when the FTP server is unavailable, the logs are uploaded during the next scheduled upload.
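On the upload server, the file name format above can be parsed to inventory which rolled logs have arrived per device before relying on automatic deletion. The following is an added example, not Fortinet code; it assumes N is Unix epoch seconds, that the device ID is alphanumeric as in the example name, and it treats the trailing timestamp as a naive local time because the page does not define it.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from typing import NamedTuple, Optional

# Built from the one example name on the page. Assumptions: alphanumeric
# device ID, single-letter log type, N given in Unix epoch seconds.
NAME_RE = re.compile(
    r"(?P<device>[A-Za-z0-9]+)-(?P<type>[a-z])log\.(?P<n>\d+)\.log"
    r"-(?P<stamp>\d{4}(?:-\d{2}){5})\.gz"
)

class RolledLog(NamedTuple):
    device: str
    log_type: str
    first_entry: datetime  # N read as epoch seconds, UTC (assumption)
    stamp: datetime        # trailing timestamp; meaning and zone not stated on the page

def parse_name(name: str) -> Optional[RolledLog]:
    """Return the parsed fields, or None for any name outside the format."""
    m = NAME_RE.fullmatch(name)  # fullmatch rejects path prefixes and trailing junk
    if m is None:
        return None
    try:
        first = datetime.fromtimestamp(int(m["n"]), tz=timezone.utc)
        stamp = datetime.strptime(m["stamp"], "%Y-%m-%d-%H-%M-%S")
    except (ValueError, OverflowError, OSError):
        return None  # digits present but not a real date or time
    return RolledLog(m["device"], m["type"], first, stamp)

def inventory(names):
    """Group names by (device, log type), oldest first; collect rejects."""
    streams, rejected = defaultdict(list), []
    for name in names:
        rec = parse_name(name)
        if rec is None:
            rejected.append(name)
        else:
            streams[(rec.device, rec.log_type)].append(rec)
    for recs in streams.values():
        recs.sort(key=lambda r: r.first_entry)
    return dict(streams), rejected

if __name__ == "__main__":
    # Constructed listing: the page's example, one made-up sibling, two bad names.
    listing = ["FG3K6A3406600001-tlog.1252929496.log-2012-09-29-08-03-54.gz",
               "FG3K6A3406600001-tlog.1252843096.log-2012-09-28-08-03-54.gz",
               "tlog.log", "../FG3K6A3406600001-tlog.1.log-2012-09-29-08-03-54.gz"]
    print(inventory(listing))
```

Names that land in the rejected list are worth reviewing by hand, since anything in the upload directory that does not follow the format was not produced by the rolling process described here.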
To enable and configure log rolling or uploading, go to System Settings > Advanced > Device Log > Log Setting.
| Setting | Description |
| --- | --- |
| Log Rotate | |
| Log file cannot exceed | Enter the maximum size of each device log file, in megabytes. |
| Roll logs | Select to roll the logs. Rolling will occur either on a weekly or daily basis as selected. |
| Select Type | Select to roll the logs on a weekly or daily basis. |
| Select One Day | Select the day of the week to roll the logs. This option is enabled only when Roll Logs is selected and the Type is Weekly. |
| Time | Select the Hour and Minute of the day to roll the logs. The hour is based on a 24-hour clock. |
| Disk full | Select the action to take when the disk is full, Overwritten or Do not log, from the drop-down list. |
| Enable log uploading | Select to upload real time device logs to a service. |
| Upload Server Type | Select one of FTP, SFTP, SCP, or FAZ. |
| Upload Server IP | Enter the IP address of the upload server. |
| Port | Enter the port of the upload server. |
| Username | Select the username that will be used to connect to the upload server. |
| Password | Select the password that will be used to connect to the upload server. |
| Remote Directory | Select the remote directory on the upload server where the log will be uploaded. |
| When rolled | Select to upload log files when they are rolled according to settings selected under Roll Logs. |
| Daily at | Select the hour to upload the logs. The hour is based on a 24-hour clock. |
| Upload rolled files in gzipped format | Select to gzip the logs before uploading. This will result in smaller logs, and faster upload times. |
| Delete files after uploading | Select to remove device log files from the FortiManager system after they have been uploaded to the Upload Server. |