Configuring rolling and uploading of logs
You can control device log file size and use of the FortiAnalyzer unit’s disk space by configuring log rolling and scheduled uploads to a server.
As the FortiAnalyzer unit receives new log items, it performs the following tasks:
- verifies whether the log file has exceeded its file size limit
- checks whether it is time to roll the log file, if the file size limit has not been exceeded.
You can configure rolling to occur daily or weekly, and set the time at which the roll occurs. When a current log file (tlog.log) reaches its maximum size, or reaches the scheduled time, the FortiAnalyzer unit rolls the active log file by renaming the file. The file name will be in the form of xlog.N.log (for example, tlog.1252929496.log), where x is a letter indicating the log type and N is a unique number corresponding to the time the first log entry was received. The file modification time will match the time when the last log was received in the log file.
Once the current log file is rolled into a numbered log file, it will not be changed. New logs will be stored in the new current log called tlog.log. If log uploading is enabled, once logs are uploaded to the remote server or downloaded via the Web-based Manager, the file names are in the following format:
FG3K6A3406600001-tlog.1252929496.log-2012-09-29-08-03-54.gz
If you have enabled log uploading, you can choose to automatically delete the rolled log file after uploading, thereby freeing the disk space used by rolled log files. If the log upload fails, such as when the FTP server is unavailable, the logs are uploaded during the next scheduled upload.
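An added example, not from the FortiAnalyzer documentation: a parser for the uploaded file-name format shown above, which lets you inventory what has actually arrived on the upload server when rolled files are deleted from the unit after upload. It assumes N is a Unix epoch timestamp in seconds and that device serial numbers are alphanumeric; the function and field names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from typing import NamedTuple, Optional

# Built from the page's example name; serial charset and one-letter type are assumptions.
NAME_RE = re.compile(
    r"(?P<device>[A-Za-z0-9]+)-(?P<rolled>(?P<type>[a-z])log\.(?P<first>\d+)\.log)"
    r"-(?P<uploaded>\d{4}(?:-\d{2}){5})\.gz"
)

class UploadedLog(NamedTuple):
    device: str
    rolled_name: str
    log_type: str
    first_entry: datetime   # assumption: N is Unix epoch seconds (UTC)
    uploaded: datetime      # naive: the page does not state the time zone

def parse_uploaded_name(name: str) -> Optional[UploadedLog]:
    m = NAME_RE.fullmatch(name)
    if m is None:
        return None
    try:
        first = datetime.fromtimestamp(int(m["first"]), tz=timezone.utc)
        uploaded = datetime.strptime(m["uploaded"], "%Y-%m-%d-%H-%M-%S")
    except (ValueError, OverflowError, OSError):
        return None
    return UploadedLog(m["device"], m["rolled"], m["type"], first, uploaded)

def inventory(names):
    """Group parsed files per device (oldest first) and list names that do not fit."""
    per_device, unexpected = defaultdict(list), []
    for name in names:
        rec = parse_uploaded_name(name)
        if rec is None:
            unexpected.append(name)
        else:
            per_device[rec.device].append(rec)
    for recs in per_device.values():
        recs.sort(key=lambda r: r.first_entry)
    return dict(per_device), unexpected

# Constructed listing: the first name is the page's example, the rest are made up.
SAMPLE = [
    "FG3K6A3406600001-tlog.1252929496.log-2012-09-29-08-03-54.gz",
    "FG3K6A3406600001-tlog.1252843096.log-2012-09-28-08-03-51.gz",
    "FG3K6A3406600001-tlog.1252929496.log.gz",
    "notes.txt",
]
```

Names returned in the second list do not match the documented format and are worth reviewing before trusting the archive as complete.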
Log rolling and uploading can be enabled and configured in the Web-based Manager in System Settings > Advanced > Device Log Settings. For more information, see “Device log settings” on page 111. Log rolling and uploading can also be enabled and configured using the CLI. For more information, see the FortiAnalyzer CLI Reference.
To enable or disable log file uploads:
To enable log uploads, enter the following CLI commands:
config system log settings
config rolling-regular
set upload enable
end
end
To disable log uploads, enter the following CLI commands:
config system log settings
config rolling-regular
set upload disable
end
end
To roll logs when they reach a specific size:
Enter the following CLI commands:
config system log settings
config rolling-regular
set file-size <integer>
end
end
where <integer> is the size at which the logs will roll, in MB.
To roll logs on a schedule:
To disable log rolling, enter the following CLI commands:
config system log settings
config rolling-regular
set when none
end
end
To enable daily log rolling, enter the following CLI commands:
config system log settings
config rolling-regular
set upload enable
set when daily
set hour <integer>
set min <integer>
set file-size <integer>
end
end
where:
hour <integer> | The hour of the day when the FortiAnalyzer rolls the traffic analyzer logs. |
min <integer> | The minute when the FortiAnalyzer rolls the traffic analyzer logs. |
file-size <integer> | Roll log files when they reach this size (MB). |
To enable weekly log rolling, enter the following CLI commands:
config system log settings
config rolling-regular
set when weekly
set days {mon | tue | wed | thu | fri | sat | sun}
set hour <integer>
set min <integer>
end
end
where:
days {mon | tue | wed | thu | fri | sat | sun} | The days of the week when the FortiAnalyzer rolls the traffic analyzer logs. |
hour <integer> | The hour of the day when the FortiAnalyzer rolls the traffic analyzer logs. |
min <integer> | The minute when the FortiAnalyzer rolls the traffic analyzer logs. |