2. ping service.fortiguard.net
Monday, 24 February 2020
Wednesday, 19 February 2020
check hardware and hard disk
Network Card chipset: Broadcom 570x Tigon3 Ethernet Adapter (rev.0x5784100)
How-to: Enable disk logging on a FortiGate running FortiOS 5
By default disk logging has been disabled on FortiOS v5.0. One of the
reasons this was done is because the flash memory on some devices are
not designed for constant read/writes, so saving logs to it can degrade
the disk (resulting in corrupted sectors). Having said that, we've got a
few FortiGates that have been logging to disk for a few years now with
no problems.
***UPDATE***
Disk logging is no longer available for any of the FortiGate SMB models that are running v5.2. This includes the FG90D, 80D, 70D, 60D/C, 40C, 30D, 20C etc. So if you have a FG60D that is running 5.0.7 with disk logging enabled and upgrade it to 5.2, your disk logging will be now be disabled and no longer available. Models 100D and higher will still have disk logging functionality available upon upgrading to 5.2.
Fortinet are pushing all the smaller devices to use FortiCloud or FortiAnalyzer for logging.
***UPDATE***
Below are the steps to re-enable disk logging:
Firstly check that your FortiGate has the log disk available. Some units don't come with a log disk. To confirm use the get sys status command and ensure that the variable 'Log hard disk' shows 'Need format'.
fortigate # get sys status
Version: FortiGate-VM64 v5.0,build0228,130809 (GA Patch 4)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 4.00345(2013-05-23 00:39)
IPS-ETDB: 0.00000(2000-00-00 00:00)
Serial-Number: FGVMEV0000000000
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
Evaluation License Expires: Fri Nov 1 06:24:58 2013
VM Resources: 1 CPU/1 allowed, 475 MB RAM/1024 MB allowed
BIOS version: 04000002
Log hard disk: Need format
Hostname: fortigate
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 228
Release Version Information: GA Patch 4
FortiOS x86-64: Yes
System time: Wed Oct 30 15:43:01 2013
If your FortiGate doesn't have a hard disk you'll get the following:
fortigate # get sys status
Version: FortiGate-VM64 v5.0,build0228,130809 (GA Patch 4)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 4.00345(2013-05-23 00:39)
IPS-ETDB: 0.00000(2000-00-00 00:00)
Serial-Number: FGVMEV0000000000
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
Evaluation License Expires: Fri Nov 1 06:24:58 2013
VM Resources: 1 CPU/1 allowed, 475 MB RAM/1024 MB allowed
BIOS version: 04000002
Log hard disk: Not available
Hostname: fortigate
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 228
Release Version Information: GA Patch 4
FortiOS x86-64: Yes
System time: Wed Oct 30 15:43:01 2013
2. Format the log disk
Now enter the command execute formatlogdisk, then press y to confirm. This will format the disk then REBOOT the firewall.
fortigate # execute formatlogdisk
Log disk is /dev/sdb1.
Formatting this storage will erase all data on it, including
logs, quarantine files;
and require the unit to reboot.
Do you want to continue? (y/n)y
3. Enable logging
When the device is back up login to the web GUI and navigate to Log & Report > Log Config > Log Settings. You should now see the 'Disk' option. Select this (and 'Enable local reports' if you want to run reports locally) then click apply. Ensure that 'Display logs from' says Disk.
If you don't have this option via the web GUI you can enable it via the CLI with the following commands:
fortigate # config log disk setting
fortigate (setting) # set status enable
fortigate (setting) # end
Disk logging is no longer available for any of the FortiGate SMB models that are running v5.2. This includes the FG90D, 80D, 70D, 60D/C, 40C, 30D, 20C etc. So if you have a FG60D that is running 5.0.7 with disk logging enabled and upgrade it to 5.2, your disk logging will be now be disabled and no longer available. Models 100D and higher will still have disk logging functionality available upon upgrading to 5.2.
Fortinet are pushing all the smaller devices to use FortiCloud or FortiAnalyzer for logging.
***UPDATE***
Below are the steps to re-enable disk logging:
- Confirm your device has a log disk
- Format the log disk
- Enable logging
Firstly check that your FortiGate has the log disk available. Some units don't come with a log disk. To confirm use the get sys status command and ensure that the variable 'Log hard disk' shows 'Need format'.
fortigate # get sys status
Version: FortiGate-VM64 v5.0,build0228,130809 (GA Patch 4)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 4.00345(2013-05-23 00:39)
IPS-ETDB: 0.00000(2000-00-00 00:00)
Serial-Number: FGVMEV0000000000
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
Evaluation License Expires: Fri Nov 1 06:24:58 2013
VM Resources: 1 CPU/1 allowed, 475 MB RAM/1024 MB allowed
BIOS version: 04000002
Log hard disk: Need format
Hostname: fortigate
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 228
Release Version Information: GA Patch 4
FortiOS x86-64: Yes
System time: Wed Oct 30 15:43:01 2013
If your FortiGate doesn't have a hard disk you'll get the following:
fortigate # get sys status
Version: FortiGate-VM64 v5.0,build0228,130809 (GA Patch 4)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 4.00345(2013-05-23 00:39)
IPS-ETDB: 0.00000(2000-00-00 00:00)
Serial-Number: FGVMEV0000000000
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
Evaluation License Expires: Fri Nov 1 06:24:58 2013
VM Resources: 1 CPU/1 allowed, 475 MB RAM/1024 MB allowed
BIOS version: 04000002
Log hard disk: Not available
Hostname: fortigate
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 228
Release Version Information: GA Patch 4
FortiOS x86-64: Yes
System time: Wed Oct 30 15:43:01 2013
2. Format the log disk
Now enter the command execute formatlogdisk, then press y to confirm. This will format the disk then REBOOT the firewall.
fortigate # execute formatlogdisk
Log disk is /dev/sdb1.
Formatting this storage will erase all data on it, including
logs, quarantine files;
and require the unit to reboot.
Do you want to continue? (y/n)y
3. Enable logging
When the device is back up login to the web GUI and navigate to Log & Report > Log Config > Log Settings. You should now see the 'Disk' option. Select this (and 'Enable local reports' if you want to run reports locally) then click apply. Ensure that 'Display logs from' says Disk.
If you don't have this option via the web GUI you can enable it via the CLI with the following commands:
fortigate # config log disk setting
fortigate (setting) # set status enable
fortigate (setting) # end
Subscribe to:
Comments (Atom)