Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Martín
New Contributor

Created on ‎04-08-2015 12:27 PM

"memory traffic log is 95% full" - Fortigate 200B

This problem persist to me:  "memory traffic log is 95% full", although if i make this commands:

 

config log memory setting           set diskfull overwrite

 

Any idea? Thanks!

39207
0 Kudos
3 Solutions
Christopher_McMullan
Staff
Staff

Created on ‎04-08-2015 01:40 PM

That looks properly configured, actually. There are warning thresholds set when the log memory approaches being full. If you have set the FortiGate to overwrite the oldest file once it reaches a certain age or size, it will simply delete the oldest file and open a new one. The threshold alerts shouldn't be anything to get alarmed about.

Regards, Chris McMullan Fortinet Ottawa

View solution in original post

9797
0 Kudos
Jeff_FTNT
Staff
Staff

Created on ‎04-08-2015 04:48 PM

It can not disable , but it can change setting at :

 

config log memory global-setting     set max-size 163840     set full-first-warning-threshold 75     set full-second-warning-threshold 90     set full-final-warning-threshold 95 end

If you increase max-size, it may have less chance to report this event log, thanks.

View solution in original post

9797
0 Kudos
Jeff_FTNT
Staff
Staff

Created on ‎04-10-2015 08:39 AM

<When i get these "memory traffic log is 95% full" the Fortigate block my GUI conections.>

That should be a bug, one way you may disable "traffic log " on policy, heavy  traffic log to memory is useless. Thanks.

View solution in original post

9797
0 Kudos
7 REPLIES 7
Christopher_McMullan
Staff
Staff

Created on ‎04-08-2015 01:40 PM

That looks properly configured, actually. There are warning thresholds set when the log memory approaches being full. If you have set the FortiGate to overwrite the oldest file once it reaches a certain age or size, it will simply delete the oldest file and open a new one. The threshold alerts shouldn't be anything to get alarmed about.

Regards, Chris McMullan Fortinet Ottawa

9798
0 Kudos
Jeff_FTNT
Staff
Staff

Created on ‎04-08-2015 04:48 PM

It can not disable , but it can change setting at :

 

config log memory global-setting     set max-size 163840     set full-first-warning-threshold 75     set full-second-warning-threshold 90     set full-final-warning-threshold 95 end

If you increase max-size, it may have less chance to report this event log, thanks.

9798
0 Kudos
Martín
New Contributor
In response to Jeff_FTNT

Created on ‎04-10-2015 06:27 AM

Jeff_FTNT wrote:

It can not disable , but it can change setting at :

 

config log memory global-setting    set max-size 163840    set full-first-warning-threshold 75    set full-second-warning-threshold 90    set full-final-warning-threshold 95 end

If you increase max-size, it may have less chance to report this event log, thanks.

Hi Jeff_FTNT, thanks for reply. When i get these "memory traffic log is 95% full" the Fortigate block my GUI conections. If i increase the max-size, i only delays carrying the problem, it will relock. How can avoid this? The logs increase very quickly.

 

9748
0 Kudos
Jeff_FTNT
Staff
Staff

Created on ‎04-10-2015 08:39 AM

<When i get these "memory traffic log is 95% full" the Fortigate block my GUI conections.>

That should be a bug, one way you may disable "traffic log " on policy, heavy  traffic log to memory is useless. Thanks.

9798
0 Kudos
Martín
New Contributor
In response to Jeff_FTNT

Created on ‎04-10-2015 12:23 PM

Jeff_FTNT wrote:

<When i get these "memory traffic log is 95% full" the Fortigate block my GUI conections.>

That should be a bug, one way you may disable "traffic log " on policy, heavy  traffic log to memory is useless. Thanks.

Yes, something is wrong with the firewall, i not use the memory log often, so i'll disabled it, and use only syslog server.

Thanks for reply

9748
0 Kudos
Martín
New Contributor
In response to Jeff_FTNT

Created on ‎04-10-2015 01:47 PM

 

  Yes, something is wrong with the firewall, i not use the memory log often. I'll disabled it i use only syslog server.

 

Thanks for reply

9748
0 Kudos
makco10
Contributor II
In response to Martín

Created on ‎07-19-2019 02:11 PM

Hello,

 

Other option is change the inspection mode from Proxy mode to Flow-Based.

 

Proxy : More security more resources

Flow-based: Less resources but you lose features like DLP.

 

In the new FortiOS 6.2 you can merge the inspection modes by policy :)

 

Regards.

Defend Your Enterprise Network With Fortigate Next Generation Firewall
Defend Your Enterprise Network With Fortigate Next Generation Firewall
9748
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.