Monday, May 29, 2017

Tips for analyzing FortiGate logging

Have you ever logged into the WebGUI, looked at the system resource widget, and seen abnormal log rates for disk vs. FAZ?


e.g




In a multi-VDOM environment you might not be logging to disk for the other VDOMs, so the log rate per second could be different across logging targets.


You can quickly validate this via the CLI by executing the get sys log settings and the status.




Alternatively, you can use the CLI and try to retrieve logs from disk vs. memory or FAZ to determine whether logs are present in that VDOM and for that logging target.


e.g




To delete the local logs, you can use the following CLI command for the deletion and validation.


















Execute the log list command from above, and before you delete, re-validate the date/timestamps.





Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 

        /  \


