Description
This articles describes how to disable the additional traffic statistics logs sent from FortiGate to syslog server.
Scope
ForitGate.
Solution
'Logid' = 0000000020 is the statistic log for long live session which is added in 5.6.6, 6.0.1 and 6.2.0.
This is recorded every two minutes when a session is longer than 2 minutes and is used to improve accuracy sent/received data in in FortiView.
The following command is to disable these statistics logs sent to syslog server:
Config log syslogd filter
set filter "logid(0000000020)"
set filter-type exclude
end
Important:
Starting v7.0 onwards, the syslog filtering syntax has been changed.
Refer to 'free-style' syslog filters on those Firmware versions:
Technical Tip: Using syslog free-style filters
Technical Tip: Configuring advanced syslog free-style filters
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.