Fortinet 544 FortiWeb 5.0 Patch 6 Administration Guide
Log severity levels

Each log message contains a Severity (pri) field that indicates the severity of the event that
caused the log message, such as pri=warning.
For each location where the FortiWeb appliance can store log files (disk, memory, Syslog or
FortiAnalyzer), you can define a severity threshold. The FortiWeb appliance will store all log
messages equal to or exceeding the log severity level you select.
For example, if you select Error, the FortiWeb appliance will store log messages whose log
severity level is Error, Critical, Alert, and Emergency.
For more information, see “Configuring log destinations” on page 549.
Log rate limits

When FortiWeb is defending your network against a DoS attack, the last thing you need is for
performance to decrease due to logging, compounding the effects of the attack. By the nature
of the attack, these log messages will likely be repetitive anyway. Similarly, repeated attack log
messages when a client has become subject to a period block yet continues to send requests are
of little value, and may actually distract from other, unrelated attacks.
Table 49: Log severity levels

Level (0 is greatest)   Name           Description
0                       Emergency      The system has become unusable.
1                       Alert          Immediate action is required.
2                       Critical       Functionality is affected.
3                       Error          An error condition exists and functionality could be affected.
4                       Warning        Functionality could be affected.
5                       Notification   Information about normal events.
6                       Information    General information about system operations.
Avoid recording log messages using low log severity thresholds such as information or
notification to the local hard disk for an extended period of time. A low log severity threshold is
one possible cause of frequent logging. Excessive logging frequency can cause undue wear on
the hard disk and may cause premature failure.
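
The threshold rule and Table 49 above, applied to a batch of log lines to estimate how many messages each destination would store. This is an added example, not code from the guide or from Fortinet; the sample lines, the per-destination thresholds and all function names are constructed for illustration, and only the pri field and the severity names come from this page.

```python
import re

# Table 49: a lower number means a greater severity.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notification": 5, "information": 6}

PRI_RE = re.compile(r'\bpri="?([A-Za-z]+)')

def severity_of(line):
    """Numeric level of a line's pri field, or None if it is missing or unknown."""
    m = PRI_RE.search(line)
    return SEVERITY.get(m.group(1).lower()) if m else None

def is_stored(line, threshold):
    """True if a destination with this severity threshold would store the line."""
    level = severity_of(line)
    # "Equal to or exceeding" the threshold means a numeric level <= the threshold's.
    return level is not None and level <= SEVERITY[threshold.lower()]

def stored_counts(lines, thresholds):
    """Per destination, count the lines that meet that destination's threshold."""
    counts = {dest: 0 for dest in thresholds}
    for line in lines:
        for dest, threshold in thresholds.items():
            if is_stored(line, threshold):
                counts[dest] += 1
    return counts

# Constructed sample lines: every field other than pri is a placeholder.
SAMPLE = [
    'pri=information msg="constructed: routine operation"',
    'pri=information msg="constructed: routine operation"',
    'pri=notification msg="constructed: normal event"',
    'pri=warning msg="constructed: possible impact"',
    'pri=error msg="constructed: error condition"',
    'pri=critical msg="constructed: functionality affected"',
    'pri=alert msg="constructed: action required"',
    'msg="constructed: line with no severity field"',
]

# Hypothetical thresholds, one per storage location named in this section.
THRESHOLDS = {"disk": "error", "memory": "warning",
              "syslog": "information", "fortianalyzer": "notification"}

if __name__ == "__main__":
    for dest, n in stored_counts(SAMPLE, THRESHOLDS).items():
        print(f"{dest:14} threshold={THRESHOLDS[dest]:12} stored={n}/{len(SAMPLE)}")
```

Running the same count over an exported log with a candidate disk threshold shows how much write volume a lower threshold would add before it is applied on the appliance.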