Fortinet white logo
Fortinet white logo

CLI Reference

config log setting

config log setting

Configure general log settings.

config log setting
    Description: Configure general log settings.
    set anonymization-hash {string}
    set brief-traffic-format [enable|disable]
    set custom-log-fields <field-id1>, <field-id2>, ...
    set daemon-log [enable|disable]
    set expolicy-implicit-log [enable|disable]
    set extended-log [enable|disable]
    set faz-override [enable|disable]
    set fortiview-weekly-data [enable|disable]
    set fwpolicy-implicit-log [enable|disable]
    set fwpolicy6-implicit-log [enable|disable]
    set local-in-allow [enable|disable]
    set local-in-deny-broadcast [enable|disable]
    set local-in-deny-unicast [enable|disable]
    set local-out [enable|disable]
    set local-out-ioc-detection [enable|disable]
    set log-policy-comment [enable|disable]
    set log-user-in-upper [enable|disable]
    set long-live-session-stat [enable|disable]
    set neighbor-event [enable|disable]
    set resolve-ip [enable|disable]
    set resolve-port [enable|disable]
    set rest-api-get [enable|disable]
    set rest-api-set [enable|disable]
    set syslog-override [enable|disable]
    set user-anonymize [enable|disable]
end

config log setting

Parameter

Description

Type

Size

Default

anonymization-hash

User name anonymization hash salt.

string

Maximum length: 32

brief-traffic-format

Enable/disable brief format traffic logging.

option

-

disable

Option

Description

enable

Enable brief format traffic logging.

disable

Disable brief format traffic logging.

custom-log-fields <field-id>

Custom fields to append to all log messages.

Custom log field.

string

Maximum length: 35

daemon-log

Enable/disable daemon logging.

option

-

disable

Option

Description

enable

Enable daemon logging.

disable

Disable daemon logging.

expolicy-implicit-log

Enable/disable explicit proxy firewall implicit policy logging.

option

-

disable

Option

Description

enable

Enable explicit proxy firewall implicit policy logging.

disable

Disable explicit proxy firewall implicit policy logging.

extended-log

Enable/disable extended traffic logging.

option

-

disable

Option

Description

enable

Enable extended traffic logging.

disable

Disable extended traffic logging.

faz-override

Enable/disable override FortiAnalyzer settings.

option

-

disable

Option

Description

enable

Enable override FortiAnalyzer settings.

disable

Disable override FortiAnalyzer settings.

fortiview-weekly-data *

Enable/disable FortiView weekly data.

option

-

disable

Option

Description

enable

Enable FortiView weekly data.

disable

Disable FortiView weekly data.

fwpolicy-implicit-log

Enable/disable implicit firewall policy logging.

option

-

disable

Option

Description

enable

Enable implicit firewall policy logging.

disable

Disable implicit firewall policy logging.

fwpolicy6-implicit-log

Enable/disable implicit firewall policy6 logging.

option

-

disable

Option

Description

enable

Enable implicit firewall policy6 logging.

disable

Disable implicit firewall policy6 logging.

local-in-allow

Enable/disable local-in-allow logging.

option

-

disable

Option

Description

enable

Enable local-in-allow logging.

disable

Disable local-in-allow logging.

local-in-deny-broadcast

Enable/disable local-in-deny-broadcast logging.

option

-

disable

Option

Description

enable

Enable local-in-deny-broadcast logging.

disable

Disable local-in-deny-broadcast logging.

local-in-deny-unicast

Enable/disable local-in-deny-unicast logging.

option

-

disable

Option

Description

enable

Enable local-in-deny-unicast logging.

disable

Disable local-in-deny-unicast logging.

local-out

Enable/disable local-out logging.

option

-

enable

Option

Description

enable

Enable local-out logging.

disable

Disable local-out logging.

local-out-ioc-detection

Enable/disable local-out traffic IoC detection. Requires local-out to be enabled.

option

-

enable

Option

Description

enable

Enable local-out traffic IoC detection. Requires local-out to be enabled.

disable

Disable local-out traffic IoC detection.

log-policy-comment

Enable/disable inserting policy comments into traffic logs.

option

-

disable

Option

Description

enable

Enable inserting policy comments into traffic logs.

disable

Disable inserting policy comments into traffic logs.

log-user-in-upper

Enable/disable logs with user-in-upper.

option

-

disable

Option

Description

enable

Enable logs with user-in-upper.

disable

Disable logs with user-in-upper.

long-live-session-stat

Enable/disable long-live-session statistics logging.

option

-

enable

Option

Description

enable

Enable long-live-session statistics logging.

disable

Disable long-live-session statistics logging.

neighbor-event

Enable/disable neighbor event logging.

option

-

disable

Option

Description

enable

Enable neighbor event logging.

disable

Disable neighbor event logging.

resolve-ip

Enable/disable adding resolved domain names to traffic logs if possible.

option

-

disable

Option

Description

enable

Enable adding resolved domain names to traffic logs.

disable

Disable adding resolved domain names to traffic logs.

resolve-port

Enable/disable adding resolved service names to traffic logs.

option

-

enable

Option

Description

enable

Enable adding resolved service names to traffic logs.

disable

Disable adding resolved service names to traffic logs.

rest-api-get

Enable/disable REST API GET request logging.

option

-

disable

Option

Description

enable

Enable GET REST API logging.

disable

Disable GET REST API logging.

rest-api-set

Enable/disable REST API POST/PUT/DELETE request logging.

option

-

disable

Option

Description

enable

Enable POST/PUT/DELETE REST API logging.

disable

Disable POST/PUT/DELETE REST API logging.

syslog-override

Enable/disable override Syslog settings.

option

-

disable

Option

Description

enable

Enable override Syslog settings.

disable

Disable override Syslog settings.

user-anonymize

Enable/disable anonymizing user names in log messages.

option

-

disable

Option

Description

enable

Enable anonymizing user names in log messages.

disable

Disable anonymizing user names in log messages.

* This parameter may not exist in some models.

config log setting

config log setting

Configure general log settings.

config log setting
    Description: Configure general log settings.
    set anonymization-hash {string}
    set brief-traffic-format [enable|disable]
    set custom-log-fields <field-id1>, <field-id2>, ...
    set daemon-log [enable|disable]
    set expolicy-implicit-log [enable|disable]
    set extended-log [enable|disable]
    set faz-override [enable|disable]
    set fortiview-weekly-data [enable|disable]
    set fwpolicy-implicit-log [enable|disable]
    set fwpolicy6-implicit-log [enable|disable]
    set local-in-allow [enable|disable]
    set local-in-deny-broadcast [enable|disable]
    set local-in-deny-unicast [enable|disable]
    set local-out [enable|disable]
    set local-out-ioc-detection [enable|disable]
    set log-policy-comment [enable|disable]
    set log-user-in-upper [enable|disable]
    set long-live-session-stat [enable|disable]
    set neighbor-event [enable|disable]
    set resolve-ip [enable|disable]
    set resolve-port [enable|disable]
    set rest-api-get [enable|disable]
    set rest-api-set [enable|disable]
    set syslog-override [enable|disable]
    set user-anonymize [enable|disable]
end

config log setting

Parameter

Description

Type

Size

Default

anonymization-hash

User name anonymization hash salt.

string

Maximum length: 32

brief-traffic-format

Enable/disable brief format traffic logging.

option

-

disable

Option

Description

enable

Enable brief format traffic logging.

disable

Disable brief format traffic logging.

custom-log-fields <field-id>

Custom fields to append to all log messages.

Custom log field.

string

Maximum length: 35

daemon-log

Enable/disable daemon logging.

option

-

disable

Option

Description

enable

Enable daemon logging.

disable

Disable daemon logging.

expolicy-implicit-log

Enable/disable explicit proxy firewall implicit policy logging.

option

-

disable

Option

Description

enable

Enable explicit proxy firewall implicit policy logging.

disable

Disable explicit proxy firewall implicit policy logging.

extended-log

Enable/disable extended traffic logging.

option

-

disable

Option

Description

enable

Enable extended traffic logging.

disable

Disable extended traffic logging.

faz-override

Enable/disable override FortiAnalyzer settings.

option

-

disable

Option

Description

enable

Enable override FortiAnalyzer settings.

disable

Disable override FortiAnalyzer settings.

fortiview-weekly-data *

Enable/disable FortiView weekly data.

option

-

disable

Option

Description

enable

Enable FortiView weekly data.

disable

Disable FortiView weekly data.

fwpolicy-implicit-log

Enable/disable implicit firewall policy logging.

option

-

disable

Option

Description

enable

Enable implicit firewall policy logging.

disable

Disable implicit firewall policy logging.

fwpolicy6-implicit-log

Enable/disable implicit firewall policy6 logging.

option

-

disable

Option

Description

enable

Enable implicit firewall policy6 logging.

disable

Disable implicit firewall policy6 logging.

local-in-allow

Enable/disable local-in-allow logging.

option

-

disable

Option

Description

enable

Enable local-in-allow logging.

disable

Disable local-in-allow logging.

local-in-deny-broadcast

Enable/disable local-in-deny-broadcast logging.

option

-

disable

Option

Description

enable

Enable local-in-deny-broadcast logging.

disable

Disable local-in-deny-broadcast logging.

local-in-deny-unicast

Enable/disable local-in-deny-unicast logging.

option

-

disable

Option

Description

enable

Enable local-in-deny-unicast logging.

disable

Disable local-in-deny-unicast logging.

local-out

Enable/disable local-out logging.

option

-

enable

Option

Description

enable

Enable local-out logging.

disable

Disable local-out logging.

local-out-ioc-detection

Enable/disable local-out traffic IoC detection. Requires local-out to be enabled.

option

-

enable

Option

Description

enable

Enable local-out traffic IoC detection. Requires local-out to be enabled.

disable

Disable local-out traffic IoC detection.

log-policy-comment

Enable/disable inserting policy comments into traffic logs.

option

-

disable

Option

Description

enable

Enable inserting policy comments into traffic logs.

disable

Disable inserting policy comments into traffic logs.

log-user-in-upper

Enable/disable logs with user-in-upper.

option

-

disable

Option

Description

enable

Enable logs with user-in-upper.

disable

Disable logs with user-in-upper.

long-live-session-stat

Enable/disable long-live-session statistics logging.

option

-

enable

Option

Description

enable

Enable long-live-session statistics logging.

disable

Disable long-live-session statistics logging.

neighbor-event

Enable/disable neighbor event logging.

option

-

disable

Option

Description

enable

Enable neighbor event logging.

disable

Disable neighbor event logging.

resolve-ip

Enable/disable adding resolved domain names to traffic logs if possible.

option

-

disable

Option

Description

enable

Enable adding resolved domain names to traffic logs.

disable

Disable adding resolved domain names to traffic logs.

resolve-port

Enable/disable adding resolved service names to traffic logs.

option

-

enable

Option

Description

enable

Enable adding resolved service names to traffic logs.

disable

Disable adding resolved service names to traffic logs.

rest-api-get

Enable/disable REST API GET request logging.

option

-

disable

Option

Description

enable

Enable GET REST API logging.

disable

Disable GET REST API logging.

rest-api-set

Enable/disable REST API POST/PUT/DELETE request logging.

option

-

disable

Option

Description

enable

Enable POST/PUT/DELETE REST API logging.

disable

Disable POST/PUT/DELETE REST API logging.

syslog-override

Enable/disable override Syslog settings.

option

-

disable

Option

Description

enable

Enable override Syslog settings.

disable

Disable override Syslog settings.

user-anonymize

Enable/disable anonymizing user names in log messages.

option

-

disable

Option

Description

enable

Enable anonymizing user names in log messages.

disable

Disable anonymizing user names in log messages.

* This parameter may not exist in some models.