Logging and reporting Recording logs in system memory
FortiGate-100 Installation and Configuration Guide 251
Recording logs in system memory
If your FortiGate unit does not contain a hard disk, you can use the following
procedure to configure the FortiGate unit to reserve some system memory for storing
current event, attack, antivirus, web filter and email filter log messages. Logging to
memory allows quick access to only the most recent log entries. The FortiGate unit
can store a limited number of messages in system memory. After all available memory
is used, the FortiGate unit deletes the oldest messages. If the FortiGate unit restarts,
the log entries are lost.
To record logs in system memory:
1 Go to Log&Report > Log Setting.
2 Select Log to memory.
3 Select the severity level for which you want to record log messages.
The FortiGate will log all levels of severity down to but not lower than the level you
choose. For example, if you want to record emergency, alert, critical, and error
messages, select Error.
4 Select Config Policy.
To configure the FortiGate to filter the types of logs and events to record, use the
procedures in “Filtering log messages” on page 251.
5 Select Apply.
Filtering log messages
You can configure which logs to record and which message categories to record in
each log.
1 Go to Log&Report > Log Setting.
2 Select Config Policy for the log location that you selected in “Recording logs” on
page 249.
3 Select the log types that you want FortiGate unit to record.
Note: The FortiGate unit can only record the event and attack log messages in system memory.
Traffic Log Record all connections to and through the interface.
To configure traffic filtering, see “Adding traffic filter entries” on page 254.
Event Log Record management and activity events in the event log.
Management events include changes to the system configuration as well
as administrator and user logins and logouts. Activity events include
system activities, such as VPN tunnel establishment and HA failover
events.
Virus Log Record virus intrusion events, such as when the FortiGate unit detects a
virus, blocks a file type, or blocks an oversized file or email.
Web Filtering Log Record activity events, such as URL and content blocking, and exemption
of URLs from blocking.
Attack Log Record attacks detected by the NIDS and prevented by the NIDS
Prevention module.