Enable disk logging

1. Confirm you device has a log disk
FG64 # get sys status

Version: FortiGate-VM64 v5.2.2,build0642,141118 (GA)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 5.00555(2014-10-07 01:21)
IPS-ETDB: 0.00000(2001-01-01 00:00)
Serial-Number: FGVMEV0000000000
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
Evaluation License Expires: Sat May  9 11:49:52 2015
VM Resources: 1 CPU/1 allowed, 971 MB RAM/1024 MB allowed
BIOS version: 04000002
Log hard disk: Need format
Hostname: FG64
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 642
Release Version Information: GA
FortiOS x86-64: Yes
System time: Thu Mar  5 11:39:12 2015

2. format the log disk
FG64 # execute formatlogdisk
Log disk is /dev/sdb1.
Formatting this storage will erase all data on it, including
logs, quarantine files;
and require the unit to reboot.
Do you want to continue? (y/n)y

FG64 # get system status
Version: FortiGate-VM64 v5.2.2,build0642,141118 (GA)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 5.00555(2014-10-07 01:21)
IPS-ETDB: 0.00000(2001-01-01 00:00)
Serial-Number: FGVMEV0000000000
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
Evaluation License Expires: Sat May  9 11:49:52 2015
VM Resources: 1 CPU/1 allowed, 971 MB RAM/1024 MB allowed
BIOS version: 04000002
Log hard disk: Available
Hostname: FG64
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 642
Release Version Information: GA
FortiOS x86-64: Yes
System time: Thu Mar  5 11:41:08 2015

3. Enable logging
CLI:
# config log disk setting
set status enable
set storage Virtual-Disk
end
This operation will reboot the system.
Do you want to continue? (y/n)y
NOTE:
“set storage” above can be Virtual-Disk (Fortigate VM), or Disk or Flash depend on FortiGate model
GUI:
Image
From FortiOS 5.2.2 Release Notes
For FG-5000 blades and FG-3900 series, log disk is disabled by default. It can only be enabled via CLI. For all 2U & 3U
models (FG-3600/FG-3700/FG-3800), log disk is also disabled by default. For all 1U models and desktop models that
supports STAT disk, log disk is enabled by default
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s