Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Salman_Baig
New Contributor

memory traffic log is 95% full" - Fortigate

what is this i delete all logs but after few time they show me again error 

how to fix it please help

 

memory traffic log is 95% full" - Fortigate

app-ctrl memory log is 95% full

7 REPLIES 7
Dave_Hall
Honored Contributor

Logging to memory will always consume over 90% memory after a short while - it was never meant to be a permanent thing. If your fgt device has a HD (or flash) you can try setting the logging to use that instead.  That being said, you really do not have to worry about logging to memory as the fgt should take care of "cleaning up" or freeing up memory.  If you have a FortiAnalyzer or other logging device, you could try logging to that instead if you need to logs. All IMO of course.

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
emnoc
Esteemed Contributor III

Agreed log to anything outside of memory. Syslog and log-storage is cheap and offers a higher degree of log retention.

 

I can get 1TB of storage for example at under 59 usd.

 

Ken Felix

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Salman_Baig

@emnoc you means ? i setup new server for syslog and save all logs in it ?

emnoc
Esteemed Contributor III

Yes, the logs will always be available and  long term retention. If you need high assurance you backup the log server logStore. Alternatively a fortianalyzer would be a 5 stars improvement.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
ede_pfau
Esteemed Contributor III

It should be mentioned that by default the log amount for destination memory is quite small - as there are more important things you could do with RAM.

That said, you can increase the memory log to a max. of 2 MB, which holds a couple of hundred log entries.

config log memory

set max 2000000

end

It might reboot after that, warning you beforehand.

 

I agree that logging to memory is of limited use as the time span monitored is quite short (often too short). OTOH, if you increase the logging level above 'information', no traffic logs are recorded, just events. Those can be more important and even if logging to memory you might cover a decent time span.

 

Logging to flash (if that is possible at all) is not a good idea because the frequent writes will wear out the flash and cause hardware failure over time.

 

Logging to syslog might work for you, with the disadvantage that with a pile of log entries it may be cumbersome to find something. The FortiAnalyzer addresses this nicely as it compiles and displays the data for you. IMHO no decent network with more than 2 Fortigates should be run without it.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Salman_Baig
New Contributor

still not solve my problem very painful thing  i bought very expensive unit fortigate after time they error shows anybody please help me very quick and easy way to remove this error 

ede_pfau
Esteemed Contributor III

Then stop logging, or log to an external syslog server.

Used memory will be recovered after a reboot.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors