FortiGate Firewall HOW-TO - Logging


Published on

The logging Facility is one of the most useful tools of the Fortigate Firewall. See with us hot-to enable it and have it working properly. Stay with us!

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

FortiGate Firewall HOW-TO - Logging

  2. 2. INTRODUCTION One of the most useful tools on the FortiGate machine is the logging facility. There are several methods to enable logging, they differ from the facility you will use to save them. You could keep them on a circular buffer in the system memory, on the system hard disk (if your system has one), send them to a FortiManager station, to a FortiAnalyzer or to the FortiCloud service (if you have subscription). In the following slides, we will show you how to enable logging and some tips to get it working either you chose to use the system memory or hard disk.
  3. 3. CONFIGURING LOGGING To configure logging you should go to: Log & Report > Log Config > Log Settings In our example we have chosen to send logs to the hard disk. This destination could be configured checking the Disk check box under the “Logging and Archiving” section. Be sure that under the “GUI Preferences” section the “Display Logs From” is configured on Disk. This setting is required in order to get logs from the correct source when you try to read them from the Log & Report > Traffic Log > Forward Traffic or from Log & Report > Event Log > System
  4. 4. CONFIGURING LOGGING – CONTINUED Sometimes may happen that under the “Logging and Archiving” menu the Disk option is not available. This problem could happen in case the system Disk is not installed or the logging to disk has been disabled using the CLI. In order to enable logging to disk, connect to the FortiGate CLI and give the following commands: config log disk setting set status enable end Sometimes may happen that under the “Display Logs From” menu the Disk option is not available. This problem could happen in case the system Disk is not formatted. In order to verify this eventuality use the following command from the system CLI: get system status In case you get “Log hard disk: Need format” a disk format is required. Use the following command to execute it: execute formatlogdisk The system will reboot and then you will be able to configure the above option.
  5. 5. CONFIGURING LOGGING – CONTINUED In case you want to enable logging to the system memory (in case the hard disk is not available) you should activate it using the following CLI commands: config log memory setting set status enable end Then the memory should be selected in the “Display Logs From” menu. Only a reduced set of logs will be available using this method because the circular buffer is reduced in size.
  6. 6. DISPLAYING LOGS Logs could be viewed under Log & Report > Log Config , then you should chose which log you want to view. For example, “Traffic Logs” shows you logs related to the traffic flowing through the firewall, “Event Logs” shows system related events. NOTE: In the example there is a column with the “Application Name”., this information is available only enabling Application Control (shown on future postings).
  7. 7. MORE NEEDS? See hints on Or email us your questions to
  8. 8. IPMAX IPMAX is a Fortinet Partner in Italy. IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality / price ratio, in the design, installation, commissioning and operation. IPMAX srl Via Ponchielli, 4 20063 Cernusco sul Naviglio (MI) – Italy +39 02 9290 9171