Configuring rolling and uploading of logs
You can control device log file size and consumption of the FortiManager’s disk space by configuring log rolling and scheduled uploads to a server.
As the FortiManager unit receives new log items, it performs the following tasks:
• verifies whether the log file has exceeded its file size limit
• if the file size limit has not been exceeded, checks whether it is time to roll the log file.
Configure the time to be either a daily or weekly occurrence, and when the roll occurs. When a current log file (tlog.log) reaches its maximum size, or reaches the scheduled time, the FortiManager unit rolls the active log file by renaming the file. The file name will be in the form of xlog.N.log (for example, tlog.1252929496.log), where x is a letter indicating the log type and N is a unique number corresponding to the time the first log entry was received. The file modification time will match the time when the last log was received in the log file.
Once the current log file is rolled into a numbered log file, it will not be changed. New logs will be stored in the new current log called tlog.log. If log uploading is enabled, once logs are uploaded to the remote server or downloaded via the Web-based Manager, they are in the following format:
FG3K6A3406600001-tlog.1252929496.log-2012-09-29-08-03-54.gz
If you have enabled log uploading, you can choose to automatically delete the rolled log file after uploading, thereby freeing the amount of disk space used by rolled log files. If the log upload fails, such as when the FTP server is unavailable, the logs are uploaded during the next scheduled upload.
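An added example (not from the FortiManager documentation): a Python parser for the rolled and uploaded file names described above, usable on the upload server to inventory received logs and flag names that do not conform. It assumes the leading field is the device ID, that the trailing date-time is when the file was uploaded or downloaded (the page does not define it or its time zone), and that `.gz` is absent when gzip is disabled; `parse_name`, `inventory` and `SAMPLE` are names chosen here.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

NAME_RE = re.compile(
    r"(?:(?P<device>[A-Za-z0-9_]+)-)?"       # assumption: prefix is the device ID
    r"(?P<type>[a-z])log\.(?P<epoch>\d{1,10})\.log"
    r"(?:-(?P<stamp>\d{4}(?:-\d{2}){5}))?"   # suffix time; meaning is an assumption
    r"(?P<gz>\.gz)?"
)

@dataclass(frozen=True)
class RolledLog:
    device: Optional[str]
    log_type: str               # the letter x in xlog.N.log
    first_entry: datetime       # N as UTC: when the first entry was received
    stamp: Optional[datetime]   # naive; the page gives no time zone
    gzipped: bool

def parse_name(name: str) -> Optional[RolledLog]:
    """Parse [<device>-]<x>log.<N>.log[-<Y-M-D-H-M-S>][.gz]; None if non-conforming."""
    m = NAME_RE.fullmatch(name)   # fullmatch rejects path separators and trailing junk
    if m is None:
        return None               # includes the active file, e.g. tlog.log (no N)
    stamp = None
    if m["stamp"]:
        try:
            stamp = datetime.strptime(m["stamp"], "%Y-%m-%d-%H-%M-%S")
        except ValueError:        # digits in the right shape but not a real date
            return None
    first = datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc)
    return RolledLog(m["device"], m["type"], first, stamp, bool(m["gz"]))

def inventory(names):
    """Group conforming names by (device, log type), oldest first; list the rest."""
    groups, rejected = {}, []
    for name in names:
        rec = parse_name(name)
        if rec is None:
            rejected.append(name)
        else:
            groups.setdefault((rec.device, rec.log_type), []).append(rec)
    ordered = {k: sorted(v, key=lambda r: r.first_entry) for k, v in groups.items()}
    return ordered, rejected

# Constructed listing: the page's example name, the active file, and a bad date.
SAMPLE = ["FG3K6A3406600001-tlog.1252929496.log-2012-09-29-08-03-54.gz",
          "tlog.log", "FG3K6A3406600001-tlog.1252929496.log-2012-13-29-08-03-54.gz"]
```

Names returned in the rejected list are worth reviewing before any downstream tool ingests the directory, since they did not come from a normal roll and upload.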
Log rolling and uploading can be enabled and configured in the Web-based Manager in System Settings > Advanced > Device Log Settings.
The device log settings menu window, found at System Settings > Advanced > Device Log Settings, allows you to configure event logging to disk and includes the following options:
• Log rollover options
• Log upload to an FTP, SFTP or SCP server
Configure the following settings and then select Apply:
| Rollover Options |
| Roll log file when size exceeds | Enter the log file size. Enter a value between 50 and 500 MB. |
| Roll log files at a regular time | Select to roll logs daily or weekly. When selecting daily, select the hour and minute value in the drop-down lists. When selecting weekly, select the day, hour, and minute value in the drop-down lists. |
| Enable log uploading | Select to upload real time device logs. |
| Upload Server Type | Select one of FTP, SFTP, or SCP. |
| Upload Server IP | Enter the IP address of the upload server. |
| Username | Select the username that will be used to connect to the upload server. |
| Password | Select the password that will be used to connect to the upload server. |
| Remote Directory | Select the remote directory on the upload server where the log will be uploaded. |
| Upload Log Files | Select to upload log files when they are rolled according to settings selected under Roll Logs or daily at a specific hour. |
| Upload rolled files in gzipped format | Select to gzip the logs before uploading. This will result in smaller logs, and faster upload times. |
| Delete files after uploading | Select to remove device log files from the FortiManager system after they have been uploaded to the Upload Server. |
Log rolling and uploading can also be enabled and configured using CLI commands. For more information, see the FortiManager v5.0 Patch Release 5 CLI Reference.
To enable or disable log file uploads:
To enable log uploads, enter the following CLI commands:
config system log settings
config rolling-regular
set upload enable
end
end
where:
del-files {enable | disable} | Delete the log files from the FortiManager hard disk once uploading is complete. |
directory <string> | The directory on the upload server where the FortiManager unit stores the uploaded logs. The maximum length is 128 characters. |
file-size <integer> | Roll log files when they reach this size (MB). |
gzip-format {enable | disable} | Compress the log files using the gzip format. |
ip <server_ipv4> | The upload server’s IP address. |
log-format {csv | native | text} | The format of the uploaded log files: • csv: CSV (comma-separated value) format • native: Native format (text or compact) • text: Text format (convert if necessary) |
server_type {ftp | scp | sftp} | The type of upload server. |
upload-hour <integer> | The hour that the log files are uploaded. The default is zero. Enter the number, without minutes, in the 24‑hour format. |
upload-trigger {on-roll | on-schedule} | The type of trigger that will upload log files. • on-roll will upload log files whenever they roll. • on-schedule will upload log files on a scheduled basis. |
username <string> | The upload server user name. The maximum length is 36 characters. |
password <string> | The upload server password. |
when {daily | none | weekly} | Select when to roll log files. Select daily, weekly, or none. |
To disable log uploads, enter the following CLI commands:
config system log settings
config rolling-regular
set upload disable
end
end
To roll logs when they reach a specific size:
Enter the following CLI commands:
config system log settings
config rolling-regular
set file-size <integer>
end
end
where <integer> is the size at which the logs will roll, in MB.
To roll logs on a schedule:
To disable log rolling, enter the following CLI commands:
config system log settings
config rolling-regular
set when none
end
end
To enable daily log rolling, enter the following CLI commands:
config system log settings
config rolling-regular
set upload enable
set when daily
set hour <integer>
set min <integer>
set file-size <integer>
end
end
where:
hour <integer> | The hour of the day when the FortiManager rolls the traffic analyzer logs. |
min <integer> | The minute when the FortiManager rolls the traffic analyzer logs. |
file-size <integer> | Roll log files when they reach this size (MB). |
To enable weekly log rolling, enter the following CLI commands:
config system log settings
config rolling-regular
set when weekly
set days {mon | tue | wed | thu | fri | sat | sun}
set hour <integer>
set min <integer>
end
end
where:
days {mon | tue | wed | thu | fri | sat | sun} | The days of the week when the FortiManager rolls the traffic analyzer logs. |
hour <integer> | The hour of the day when the FortiManager rolls the traffic analyzer logs. |
min <integer> | The minute when the FortiManager rolls the traffic analyzer logs. |