NVR configuration : Advanced/optional NVR configuration : Configuring logging
 
Configuring logging
To diagnose problems or to track actions that the FortiRecorder appliance does as it receives and processes video, configure the FortiRecorder appliance to record log messages. Log messages can record camera and/or FortiRecorder appliance events.
To view log messages, go to Monitor > Log Viewer > Event for the NVR log messages or go to Monitor > Log Viewer > Event for the camera log messages.
To configure logging
1. Go to either Logs and Alerts > Log Setting > Local Log Settings or Log > Log Setting > Remote Log Settings (depending on whether you want logs to be stored on FortiRecorder’s hard drive, or remotely, on a Syslog server or FortiAnalyzer).
2. If configuring local log storage, configure the following settings:
Setting name
Description
Log file size
Type the file size limit of the current log file in megabytes (MB). The log file size limit must be between 1 MB and 1000 MB.
Note: Large log files may decrease display and search performance.
Log time
Type the time (in days) of the file age limit. If the log is older than this limit, even if has not exceeded the maximum file size, a new current log file will be started.
Valid range is between 1 and 366 days.
At hour
Select the hour of the day (24-hour format) when the file rotation should start.
When a log file reaches either the age or size limit, the FortiRecorder appliance rotates the current log file: that is, it renames the current log file (elog.log) with a file name indicating its sequential relationship to other log files of that type (elog2.log, and so on), then creates a new current log file. For example, if you set the log time to 10 days at hour 23, the log file will be rotated at 23 o’clock of the 10th day.
Log level
Select the severity level that a log message must equal or exceed in order to be recorded to this storage location.
For information about severity levels, see “Log severity levels”.
Caution: Avoid recording log messages using low severity thresholds such as Information or Notification to the local hard disk for an extended period of time. A low log severity threshold is one possible cause of frequent logging. Excessive logging frequency can cause undue wear on the hard disk and may cause premature failure.
Log options when disk is full
Select what the FortiRecorder will do when the local disk is full and a new log message is caused, either:
Do not log — Discard all new log messages.
Overwrite — Delete the oldest log file in order to free disk space, and store the new log message.
Logging Policy Configuration
Select what type of NVR events and camera events you want to log.
3. If configuring remote log storage, click New, then configure the following settings:
 
Setting name
Description
IP
Type the IP address of a Syslog server or FortiAnalyzer.
Port
Type the UDP port number on which the Syslog server listens for log messages.
The default is 514.
Level
Select the severity level that a log message must equal or exceed in order to be recorded to this storage location.
For information about severity levels, see “Log severity levels”.
Caution: Avoid recording log messages using low severity thresholds such as Information or Notification to the local hard disk for an extended period of time. A low log severity threshold is one possible cause of frequent logging. Excessive logging frequency can cause undue wear on the hard disk and may cause premature failure.
Facility
Select the facility identifier the FortiRecorder will use to identify itself to the Syslog server if it receives logs from multiple devices.
To easily identify log messages from the FortiRecorder when they are stored on a remote logging server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.
CSV format
Enable if your Syslog server requires comma-separated values (CSV).
Note: Do not enable this option if the remote host is a FortiAnalyzer. FortiAnalyzer does not support CSV-formatted log messages.
Logging Policy Configuration
Select what type of NVR events and camera events you want to log.
4. To verify logging connectivity, from FortiRecorder, trigger a log message that matches the type and severity levels that you have chosen to store on the remote Syslog server or FortiAnalyzer. Then, on the remote host, confirm that it has received that log message.
 
If you will be sending logs to a FortiAnalyzer appliance, you must add the FortiRecorder NVR to the FortiAnalyzer’s device list, and allocate enough disk space. Otherwise, depending on its configuration for unknown devices, FortiAnalyzer may ignore the logs. When the allocated disk space is full, it may drop subsequent logs.
If the remote host does not receive the log messages, verify the FortiRecorder’s static routes (see “NVR configuration”) and the policies on any intermediary firewalls or routers (they must allow Syslog traffic from the FortiRecorder network interface that is connected to the gateway between it and the Syslog server). To determine the point of connectivity failure along the network path, if the FortiAnalyzer or Syslog server is configured to respond to ICMP ECHO_REQUEST (ping), go to Monitor > System Status > Console and enter the command:
execute traceroute <syslog_ipv4>
where <syslog_ipv4> is the IPv4 address of your FortiAnalyzer or Syslog server.
See also
Connectivity issues
Data storage issues