FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
psalian
Staff
Article Id 194142

Description

 
This article describes the steps necessary to delete, download or review the log files for a specific device.

 

Scope

 

FortiAnalyzer.


Solution

 

Log files for a particular device can be deleted, downloaded, imported or reviewed using either the GUI or the CLI.
 
From the GUI:
 
  1. Go to FortiView -> Logview -> Log Browse.
  2. Select the log file for the device to delete.
  3. Select 'Delete, Download, Import or Display'.


 


From the CLI:

 

execute log device logstore list

 

This command lists the Device ID and the total size of logs for that device.

 

execute log device logstore clear <device_id>

 

This command deletes all logs for that device.

 

Another way to review the space used, and the kinds of files that are saved, is to access the filesystem through the shell from the CLI.

 

config system admin setting
set shell-access enable
Enter new password: *****
Confirm new password: *****
end
execute shell


bash$ cd /Storage/Logs/FGVM01TMxxxx/
bash$ pwd
/Storage/Logs/FGVM01TMxxxx
bash$ du -sh
22.8M .

 

To review how much space is taken by the logs on the HDD:


bash$ du
4 ./root/csf
12 ./root/.info
356 ./root/archive/1684013056
344 ./root/archive/1686110208
4124 ./root/archive/1679818752
348 ./root/archive/1693450240
6836 ./root/archive/1680867328
340 ./root/archive/1694498816
352 ./root/archive/1689255936
340 ./root/archive/1692401664
436 ./root/archive/1681915904
372 ./root/archive/1690304512
172 ./root/archive/1695547392
176 ./root/archive/1687158784
5416 ./root/archive/1678770176
188 ./root/archive/1691353088
516 ./root/archive/1685061632
348 ./root/archive/1688207360
344 ./root/archive/1696595968
240 ./root/archive/1682964480
21256 ./root/archive

 

Every directory has compressed tlog and elog files.
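
To rank the archive directories by size away from the appliance, the `du` output above can be saved and parsed. The following Python is an added example, not Fortinet code or part of the original article; it assumes the numeric directory names are Unix epoch seconds (the article does not say so, though every name in the listing is a multiple of 1048576), and the function names are illustrative.

```python
"""Rank archive directories from saved `du` output (added example)."""
from datetime import datetime, timezone

BUCKET = 1 << 20  # 1048576; every archive name in the listing is a multiple of this

# Subset of the listing above, copied as text.
SAMPLE_DU = """\
4 ./root/csf
12 ./root/.info
356 ./root/archive/1684013056
4124 ./root/archive/1679818752
6836 ./root/archive/1680867328
5416 ./root/archive/1678770176
21256 ./root/archive
"""

def parse_du(text):
    """Return (size, path) for each well-formed `du` line, skipping the rest."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1].strip()))
    return rows

def archive_buckets(rows):
    """Keep ./root/archive/<number> entries and return them largest first."""
    out = []
    for size, path in rows:
        name = path.rsplit("/", 1)[-1]
        if "/archive/" in path and name.isdigit():
            # Assumption: the directory name is Unix epoch seconds (UTC).
            start = datetime.fromtimestamp(int(name), tz=timezone.utc)
            out.append({"path": path, "size": size,
                        "start": start.date().isoformat(),
                        "aligned": int(name) % BUCKET == 0})
    return sorted(out, key=lambda r: r["size"], reverse=True)

def top_share(buckets, n=3):
    """Fraction of archive space held by the n largest directories."""
    total = sum(b["size"] for b in buckets)
    return sum(b["size"] for b in buckets[:n]) / total if total else 0.0

if __name__ == "__main__":
    ranked = archive_buckets(parse_du(SAMPLE_DU))
    for b in ranked:
        print(f'{b["size"]:>8} {b["start"]} {b["path"]}')
    print(f"top 3 hold {top_share(ranked):.0%} of archive space")
```

Sizes are in whatever block unit `du` reported; the parent `./root/archive` total is excluded so it is not counted twice.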