Fortigate 60D – Enable Disk Logging

**UPDATE: This only works for 60Ds running 5.0.7 or earlier. Disk logging on the lower-end models has been disabled in the 5.2.x code base. You either log to RAM (which is reset upon device reboot) or log to FortiCloud, where you can get 1GB of space free upon signup.**

Enabling logging to local disk on a Fortigate takes a combination of GUI settings and CLI commands.

1) Go to System > Config > Advanced. Allocate a portion of the local disk to be used for logging. I chose to allot 2GB.

2) Go to the Policy section. Find the policy you want to log and confirm that it has logging enabled and is set to Log All Traffic Sessions.

3) Go to Log & Report > Log Config > Log Settings. Select Disk, then choose Disk in the GUI preferences as the log to display.

4) Open the CLI and run the following commands to enable and review your disk logging settings:

```
fgt-01 # config log disk setting
fgt-01 (setting) # set status enable
fgt-01 (setting) # show
config log disk setting
    set status enable
    set log-quota 2048
end
```
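As an added example (not part of the original post), the Python check below reads saved `show` output or a config backup and confirms that the disk logging block from step 4 is really enabled, without being fooled by `set status` lines in other blocks. The function names and the sample text are constructed, a missing status line is treated as not enabled, and `log-quota` is assumed to be in MB because the 2GB allocation above appears as 2048.

```python
# Added example: audit saved FortiOS `show` output for the disk logging block.
# Function names and the sample text are constructed for illustration.

def parse_blocks(text):
    """Map each config block path to its 'set' values, tracking nesting."""
    blocks, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
            blocks.setdefault(" / ".join(stack), {})
        elif line.startswith("edit "):
            stack.append(line)
            blocks.setdefault(" / ".join(stack), {})
        elif line in ("end", "next") and stack:
            stack.pop()
        elif line.startswith("set ") and stack:
            parts = line.split(None, 2)
            if len(parts) == 3:
                blocks[" / ".join(stack)][parts[1]] = parts[2]
    return blocks


def audit_disk_logging(config_text, min_quota_mb=1):
    """Return a list of findings; an empty list means disk logging looks enabled."""
    settings = parse_blocks(config_text).get("log disk setting")
    if settings is None:
        return ["no 'config log disk setting' block found"]
    findings = []
    # Assumption: a missing status line is treated as not enabled.
    if settings.get("status") != "enable":
        findings.append("disk logging status is not 'enable'")
    # Assumption: log-quota is in MB (2GB allotted shows as 2048 on the page).
    quota = settings.get("log-quota", "")
    if not quota.isdigit() or int(quota) < min_quota_mb:
        findings.append("log-quota is missing or below %d MB" % min_quota_mb)
    return findings


# Constructed sample: the policy's own 'status' must not be mistaken for the disk setting.
SAMPLE = """\
config firewall policy
    edit 1
        set status enable
    next
end
config log disk setting
    set status disable
    set log-quota 2048
end
"""

if __name__ == "__main__":
    for finding in audit_disk_logging(SAMPLE) or ["disk logging enabled"]:
        print(finding)
```

Running it against the sample reports that disk logging is not enabled, even though the firewall policy in the same file carries `set status enable`.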

 

If you run into formatting and allocation issues with your disk, work through the following in the CLI:

– Validate disk status: get system status
– Format disk: execute formatlogdisk
– Reboot the device, then re-run the set status enable commands above

2 thoughts on “Fortigate 60D – Enable Disk Logging”

  1. I have a Fortigate-60Di. I am facing a logging and reporting issue: its local report option is not showing in the GUI, but the cloud report option is still showing on the Fortigate. How do I enable the local report option in the GUI?
    The current version of the Fortigate is 5.0.6.

    1. Unfortunately, Fortinet disabled the ability to log to disk in the lower-end models. The 60D, which I have as well, used to do disk logging in 5.0.7. Once you upgrade to any 5.2 code, it disables it and forces you to either log to RAM, which gets lost upon device reboot, or log to FortiCloud. Currently, I believe disk logging is available at the 92D and upwards.
