Filtering log messages

Logging and reporting

 

 

Recording logs in system memory

If your FortiGate unit does not contain a hard disk, you can use the following procedure to configure the FortiGate unit to reserve some system memory for storing current event, attack, antivirus, web filter and email filter log messages. Logging to memory allows quick access to only the most recent log entries. The FortiGate unit can store a limited number of messages in system memory. After all available memory is used, the FortiGate unit deletes the oldest messages. If the FortiGate unit restarts, the log entries are lost.

Note: The FortiGate unit can only record the event and attack log messages in system memory.

To record logs in system memory:

1. Go to Log&Report > Log Setting.

2. Select Log to memory.

3. Select the severity level for which you want to record log messages.

The FortiGate will log all levels of severity down to but not lower than the level you choose. For example, if you want to record emergency, alert, critical, and error messages, select Error.

4. Select Config Policy.

To configure the FortiGate to filter the types of logs and events to record, use the procedures in “Filtering log messages” on page 284.

5. Select Apply.
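The following added example (a model written for this page, not FortiGate code or CLI) shows how the severity level chosen in step 3 interacts with the fixed-size memory log: with a permissive level, routine messages push older high-severity entries out of memory. The level names below error, the capacity of 5 and the sample events are assumptions.

```python
from collections import deque

# Severity order, most severe first. The page names the first four; the
# remaining syslog-style names are an assumption for this model.
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "information"]


class MemoryLog:
    """Model of a fixed-size in-memory log with a severity threshold."""

    def __init__(self, capacity, threshold):
        self.cutoff = LEVELS.index(threshold)
        self.entries = deque(maxlen=capacity)  # oldest entry is dropped when full
        self.evicted = 0

    def record(self, level, message):
        # Keep the chosen level and everything more severe; drop the rest.
        if LEVELS.index(level) > self.cutoff:
            return False
        if len(self.entries) == self.entries.maxlen:
            self.evicted += 1
        self.entries.append((level, message))
        return True

    def restart(self):
        # Memory-only storage: a restart loses every entry.
        self.entries.clear()


def replay(threshold, capacity=5):
    """Feed one constructed event stream into a log and return it."""
    log = MemoryLog(capacity, threshold)
    log.record("critical", "constructed: HA failover")
    for i in range(10):
        log.record("information", f"constructed: routine event {i}")
    log.record("error", "constructed: VPN tunnel down")
    return log


def retained_levels(log):
    return [level for level, _ in log.entries]


if __name__ == "__main__":
    for threshold in ("error", "information"):
        log = replay(threshold)
        print(threshold, retained_levels(log), "evicted:", log.evicted)
```

With the level set to Error both high-severity entries remain in memory; with the most permissive level the earlier critical entry has already been overwritten by the time the log is read.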

Filtering log messages

You can configure which logs to record and which message categories to record in each log.

1. Go to Log&Report > Log Setting.

2. Select Config Policy for the log location that you selected in “Recording logs” on page 281.

3. Select the log types that you want the FortiGate unit to record.

Traffic Log: Record all connections to and through the interface. To configure traffic filtering, see “Adding traffic filter entries” on page 288.

Event Log: Record management and activity events in the event log. Management events include changes to the system configuration as well as administrator and user logins and logouts. Activity events include system activities, such as VPN tunnel establishment and HA failover events.

Virus Log: Record virus intrusion events, such as when the FortiGate unit detects a virus, blocks a file type, or blocks an oversized file or email.

Web Filtering Log: Record activity events, such as URL and content blocking, and exemption of URLs from blocking.

Attack Log: Record attacks detected by the NIDS and prevented by the NIDS Prevention module.

284

Fortinet Inc.
