Configuring rolling and uploading of logs

Log View : Configuring rolling and uploading of logs

You can control device log file size and consumption of the FortiManager’s disk space by configuring log rolling and scheduled uploads to a server.

As the FortiManager unit receives new log items, it performs the following tasks:

• verifies whether the log file has exceeded its file size limit

• checks to see if it is time to roll the log file if the file size is not exceeded.

Configure the time to be either a daily or weekly occurrence, and when the roll occurs. When a current log file (tlog.log) reaches its maximum size, or reaches the scheduled time, the FortiManager unit rolls the active log file by renaming the file. The file name will be in the form of xlog.N.log (for example, tlog.1252929496.log), where x is a letter indicating the log type and N is a unique number corresponding to the time the first log entry was received. The file modification time will match the time when the last log was received in the log file.

Once the current log file is rolled into a numbered log file, it will not be changed. New logs will be stored in the new current log called tlog.log. If log uploading is enabled, once logs are uploaded to the remote server or downloaded via the Web-based Manager, they are in the following format:

FG3K6A3406600001-tlog.1252929496.log-2012-09-29-08-03-54.gz

If you have enabled log uploading, you can choose to automatically delete the rolled log file after uploading, thereby freeing the amount of disk space used by rolled log files. If the log upload fails, such as when the FTP server is unavailable, the logs are uploaded during the next scheduled upload.

Log rolling and uploading can be enabled and configured in the Web-based Manager in System Settings > Advanced > Device Log Settings.

The device log settings menu window, found at System Settings > Advanced > Device Log Settings, allows you to configure event logging to disk and includes the following options:

• Log rollover options

• Log upload to an FTP, SFTP or SCP server

Figure 237: Device log settings window

Configure the following settings and then select Apply:


Rollover Options
	Roll log file when size exceeds	Enter the log file size. Enter a value between 50 to 500 MB.
	Roll log files at a regular time	Select to roll logs daily or weekly. When selecting daily, select the hour and minute value in the drop-down lists. When selecting weekly, select the day, hour, and minute value in the drop-down lists.
Enable log uploading		Select to upload real time device logs.
	Upload Server Type	Select one of FTP, SFTP, or SCP.
	Upload Server IP	Enter the IP address of the upload server.
	Username	Select the username that will be used to connect to the upload server.
	Password	Select the password that will be used to connect to the upload server.
	Remote Directory	Select the remote directory on the upload server where the log will be uploaded.
	Upload Log Files	Select to upload log files when they are rolled according to settings selected under Roll Logs or daily at a specific hour.
	Upload rolled files in gzipped format	Select to gzip the logs before uploading. This will result in smaller logs, and faster upload times.
	Delete files after uploading	Select to remove device log files from the FortiManager system after they have been uploaded to the Upload Server.

Log rolling and uploading can also be enabled and configured using CLI commands. For more information, see the FortiManager v5.0 Patch Release 5 CLI Reference.

To enable or disable log file uploads:

To enable log uploads, enter the following CLI commands:

config system log settings

config rolling-regular

set upload enable

set del-files {enable | disable}

set directory <string>

set file-size <integer>

set gzip-format {enable | disable}

set ip <server_ipv4>

set log-format {csv | native | text}

set password <string>

set server_type {ftp | scp | sftp}

set upload-hour <integer>

set upload-trigger {on-roll | on‑schedule}

set username <string>

set when {daily | none | weekly}

end

where:


del-files {enable \| disable}	Delete the log files from the FortiManager hard disk one uploading is complete.
directory <string>	The directory on the upload server where the FortiManager unit stores the uploaded logs. The maximum length is 128 characters.
file-size <integer>	Roll log files when they reach this size (MB).
gzip-format {enable \| disable}	Compress the log files using the gzip format.
ip <server_ipv4>	The upload server’s IP address.
log-format {csv \| native \| text}	The format of the uploaded log files: • csv: CSV (comma-separated value) format • native: Native format (text or compact) • text: Text format (convert if necessary)
server_type {ftp \| scp \| sftp}	The type of upload server.
upload-hour <integer>	The hour that the log files are uploaded. The default is zero. Enter the number, without minutes, in the 24‑hour format.
upload-trigger {on-roll \| on‑schedule}	The type of trigger will upload log files. • on-roll will upload log files whenever they roll. • on-schedule will upload log files on a scheduled basis.
username <string>	The upload server user name. The maximum length is 36 characters.
password <string>	The upload server password.
when {daily \| none \| weekly}	Select when to roll log files. Select daily, weekly, or none.

To disable log uploads, enter the following CLI commands:

config system log settings

config rolling-regular

set upload disable

end

To roll logs when they reach a specific size:

Enter the following CLI commands:

config system log settings

config rolling-regular

set file-size <integer>

end

where <integer> is the size at which the logs will roll, in MB.

To roll logs on a schedule:

To disable log rolling, enter the following CLI commands:

config system log settings

config rolling-regular

set when none

end

To enable daily log rolling, enter the following CLI commands:

config system log settings

config rolling-regular

set upload enble

set when daily

set hour <integer>

set min <integer>

set file-size <integer>

end

where:


hour <integer>	The hour of the day when the when the FortiManager rolls the traffic analyzer logs.
min <integer>	The minute when the FortiManager rolls the traffic analyzer logs.
file-size <integer>	Roll log files when they reach this size (MB).

To enable weekly log rolling, enter the following CLI commands:

config system log settings

config rolling-regular

set when weekly

set days {mon | tue | wed | thu | fri | sat | sun}

set hour <integer>

set min <integer>

end

where:


days {mon \| tue \| wed \| thu \| fri \| sat \| sun}	The days week when the FortiManager rolls the traffic analyzer logs.
hour <integer>	The hour of the day when the when the FortiManager rolls the traffic analyzer logs.
min <integer>	The minute when the FortiManager rolls the traffic analyzer logs.