Hot!memory traffic log is 95% full" - Fortigate

Author
Salman Baig
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/06/08 03:14:53
  • Status: offline
2019/08/16 13:58:54 (permalink)
0

memory traffic log is 95% full" - Fortigate

what is this i delete all logs but after few time they show me again error 
how to fix it please help
 
memory traffic log is 95% full" - Fortigate
app-ctrl memory log is 95% full
#1

7 Replies Related Threads

    Dave Hall
    Expert Member
    • Total Posts : 1477
    • Scores: 163
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: memory traffic log is 95% full" - Fortigate 2019/08/16 14:36:28 (permalink)
    0
    Logging to memory will always consume over 90% memory after a short while - it was never meant to be a permanent thing. If your fgt device has a HD (or flash) you can try setting the logging to use that instead.  That being said, you really do not have to worry about logging to memory as the fgt should take care of "cleaning up" or freeing up memory.  If you have a FortiAnalyzer or other logging device, you could try logging to that instead if you need to logs. All IMO of course.
     
     

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
    #2
    emnoc
    Expert Member
    • Total Posts : 5250
    • Scores: 347
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: memory traffic log is 95% full" - Fortigate 2019/08/16 14:47:44 (permalink)
    0
    Agreed log to anything outside of memory. Syslog and log-storage is cheap and offers a higher degree of log retention.
     
    I can get 1TB of storage for example at under 59 usd.
     
    Ken Felix
     
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #3
    Salman Baig
    New Member
    • Total Posts : 8
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/06/08 03:14:53
    • Status: offline
    Re: memory traffic log is 95% full" - Fortigate 2019/08/16 14:49:22 (permalink)
    0
    @emnoc you means ? i setup new server for syslog and save all logs in it ?
    #4
    emnoc
    Expert Member
    • Total Posts : 5250
    • Scores: 347
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: memory traffic log is 95% full" - Fortigate 2019/08/17 01:33:40 (permalink)
    0
    Yes, the logs will always be available and  long term retention. If you need high assurance you backup the log server logStore. Alternatively a fortianalyzer would be a 5 stars improvement.
     
    Ken Felix

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #5
    ede_pfau
    Expert Member
    • Total Posts : 6050
    • Scores: 480
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: memory traffic log is 95% full" - Fortigate 2019/08/17 01:46:18 (permalink)
    0
    It should be mentioned that by default the log amount for destination memory is quite small - as there are more important things you could do with RAM.
    That said, you can increase the memory log to a max. of 2 MB, which holds a couple of hundred log entries.
    config log memory
    set max 2000000
    end

    It might reboot after that, warning you beforehand.
     
    I agree that logging to memory is of limited use as the time span monitored is quite short (often too short). OTOH, if you increase the logging level above 'information', no traffic logs are recorded, just events. Those can be more important and even if logging to memory you might cover a decent time span.
     
    Logging to flash (if that is possible at all) is not a good idea because the frequent writes will wear out the flash and cause hardware failure over time.
     
    Logging to syslog might work for you, with the disadvantage that with a pile of log entries it may be cumbersome to find something. The FortiAnalyzer addresses this nicely as it compiles and displays the data for you. IMHO no decent network with more than 2 Fortigates should be run without it.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #6
    Salman Baig
    New Member
    • Total Posts : 8
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/06/08 03:14:53
    • Status: offline
    Re: memory traffic log is 95% full" - Fortigate 2019/08/17 21:48:43 (permalink)
    0
    still not solve my problem very painful thing  i bought very expensive unit fortigate after time they error shows anybody please help me very quick and easy way to remove this error 
    #7
    ede_pfau
    Expert Member
    • Total Posts : 6050
    • Scores: 480
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: memory traffic log is 95% full" - Fortigate 2019/08/18 01:11:40 (permalink)
    5 (1)
    Then stop logging, or log to an external syslog server.
    Used memory will be recovered after a reboot.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #8
    Jump to:
    © 2019 APG vNext Commercial Version 5.5