Helpful ReplyHot!"memory traffic log is 95% full" - Fortigate 200B

Author
Martín
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/02/18 07:07:26
  • Status: offline
2015/04/08 12:27:49 (permalink)
0

"memory traffic log is 95% full" - Fortigate 200B


This problem persist to me:  "memory traffic log is 95% full", although if i make this commands:
 
config log memory setting
          set diskfull overwrite

 
Any idea? Thanks!
#1
Christopher McMullan_FTNT
Gold Member
  • Total Posts : 415
  • Scores: 34
  • Reward points: 0
  • Joined: 2014/09/08 08:00:33
  • Status: offline
Re: "memory traffic log is 95% full" - Fortigate 200B 2015/04/08 13:40:55 (permalink) ☄ Helpfulby Martín 2015/04/10 06:09:28
0
That looks properly configured, actually. There are warning thresholds set when the log memory approaches being full. If you have set the FortiGate to overwrite the oldest file once it reaches a certain age or size, it will simply delete the oldest file and open a new one. The threshold alerts shouldn't be anything to get alarmed about.
#2
Jeff_FTNT
Gold Member
  • Total Posts : 228
  • Scores: 21
  • Reward points: 0
  • Joined: 2005/06/14 16:27:00
  • Status: offline
Re: "memory traffic log is 95% full" - Fortigate 200B 2015/04/08 16:48:01 (permalink) ☄ Helpfulby Martín 2015/04/10 07:26:04
0
It can not disable , but it can change setting at :
 
config log memory global-setting
    set max-size 163840
    set full-first-warning-threshold 75
    set full-second-warning-threshold 90
    set full-final-warning-threshold 95
end


If you increase max-size, it may have less chance to report this event log, thanks.
#3
Martín
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/02/18 07:07:26
  • Status: offline
Re: "memory traffic log is 95% full" - Fortigate 200B 2015/04/10 06:27:18 (permalink)
0
Jeff_FTNT
It can not disable , but it can change setting at :
 
config log memory global-setting
   set max-size 163840
   set full-first-warning-threshold 75
   set full-second-warning-threshold 90
   set full-final-warning-threshold 95
end


If you increase max-size, it may have less chance to report this event log, thanks.



Hi Jeff_FTNT, thanks for reply. When i get these "memory traffic log is 95% full" the Fortigate block my GUI conections. If i increase the max-size, i only delays carrying the problem, it will relock. How can avoid this? The logs increase very quickly.
 
#4
Jeff_FTNT
Gold Member
  • Total Posts : 228
  • Scores: 21
  • Reward points: 0
  • Joined: 2005/06/14 16:27:00
  • Status: offline
Re: "memory traffic log is 95% full" - Fortigate 200B 2015/04/10 08:39:47 (permalink) ☄ Helpfulby Martín 2015/04/10 12:19:16
0
<When i get these "memory traffic log is 95% full" the Fortigate block my GUI conections.>
That should be a bug, one way you may disable "traffic log " on policy, heavy  traffic log to memory is useless. Thanks.
#5
Martín
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/02/18 07:07:26
  • Status: offline
Re: "memory traffic log is 95% full" - Fortigate 200B 2015/04/10 12:23:41 (permalink)
0
Jeff_FTNT
<When i get these "memory traffic log is 95% full" the Fortigate block my GUI conections.>
That should be a bug, one way you may disable "traffic log " on policy, heavy  traffic log to memory is useless. Thanks.



Yes, something is wrong with the firewall, i not use the memory log often, so i'll disabled it, and use only syslog server.
Thanks for reply
#6
Martín
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/02/18 07:07:26
  • Status: offline
Re: "memory traffic log is 95% full" - Fortigate 200B 2015/04/10 13:47:03 (permalink)
0
 
  Yes, something is wrong with the firewall, i not use the memory log often. I'll disabled it i use only syslog server.
 
Thanks for reply
#7
makco10
Silver Member
  • Total Posts : 90
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/01/20 15:21:33
  • Location: Honduras
  • Status: offline
Re: "memory traffic log is 95% full" - Fortigate 200B 2019/07/19 14:11:28 (permalink)
0
Hello,
 
Other option is change the inspection mode from Proxy mode to Flow-Based.
 
Proxy : More security more resources
Flow-based: Less resources but you lose features like DLP.
 
In the new FortiOS 6.2 you can merge the inspection modes by policy :)
 
Regards.

Defend Your Enterprise Network With Fortigate Next Generation Firewall

#8
Jump to:
© 2019 APG vNext Commercial Version 5.5