Fortinet 5.0 Patch 6 Microscope & Magnifier User Manual


 
Fortinet 544 FortiWeb 5.0 Patch 6 Administration Guide
Log severity levels
Each log message contains a Severity (pri) field that indicates the severity of the event that
caused the log message, such as pri=warning.
For each location where the FortiWeb appliance can store log files (disk, memory, Syslog or
FortiAnalyzer), you can define a severity threshold. The FortiWeb appliance will store all log
messages equal to or exceeding the log severity level you select.
For example, if you select Error, the FortiWeb appliance will store log messages whose log
severity level is Error, Critical, Alert, and Emergency.
For more information, see “Configuring log destinations” on page 549.
Log rate limits
When FortiWeb is defending your network against a DoS attack, the last thing you need is for
performance to decrease due to logging, compounding the effects of the attack. By the nature
of the attack, these log messages will likely be repetitive anyway. Similarly, repeated attack log
messages generated when a client has become subject to a period block yet continues to send
requests are of little value, and may actually distract from other, unrelated attacks.
Table 49: Log severity levels

Level (0 is greatest)  Name          Description
0                      Emergency     The system has become unusable.
1                      Alert         Immediate action is required.
2                      Critical      Functionality is affected.
3                      Error         An error condition exists and functionality could be affected.
4                      Warning       Functionality could be affected.
5                      Notification  Information about normal events.
6                      Information   General information about system operations.

Avoid recording log messages using low log severity thresholds such as information or
notification to the local hard disk for an extended period of time. A low log severity threshold is
one possible cause of frequent logging. Excessive logging frequency can cause undue wear on
the hard disk and may cause premature failure.
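
The threshold rule and the disk-wear caution above, as an added example (not from the Fortinet guide): a Python script that applies a severity threshold to log lines and counts how many lines each threshold would store. The sample lines are constructed, and every field name other than pri is an assumption.

```python
import re
from collections import Counter

# Severity names and levels as listed in Table 49 (0 is the most severe).
LEVELS = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
          "warning": 4, "notification": 5, "information": 6}

# Match pri=<name> as its own field, optionally quoted, so that a field
# such as other_pri=... is not mistaken for the severity.
PRI_RE = re.compile(r'(?:^|\s)pri=("?)([A-Za-z]+)\1(?=\s|$)')

def severity(line):
    """Numeric level of the line's pri field, or None if missing or unknown."""
    m = PRI_RE.search(line)
    return LEVELS.get(m.group(2).lower()) if m else None

def stored(lines, threshold):
    """Lines a destination keeps: severity equal to or exceeding the threshold."""
    limit = LEVELS[threshold.lower()]
    return [ln for ln in lines
            if (lvl := severity(ln)) is not None and lvl <= limit]

def volume_by_threshold(lines):
    """How many of the lines each possible threshold would store."""
    counts = Counter(severity(ln) for ln in lines)
    totals, running = {}, 0
    for name, level in sorted(LEVELS.items(), key=lambda kv: kv[1]):
        running += counts.get(level, 0)
        totals[name] = running
    return totals

# Constructed sample lines. Only pri= comes from the guide; the other
# field names and all values are assumptions made for this example.
SAMPLE = [
    'time=10:00:00 type=event pri=information msg="constructed: admin login"',
    'time=10:00:01 type=event pri=notification msg="constructed: config saved"',
    'time=10:00:02 type=traffic pri=information msg="constructed: request"',
    'time=10:00:03 type=attack pri=warning msg="constructed: rule matched"',
    'time=10:00:04 type=event pri=error msg="constructed: daemon error"',
    'time=10:00:05 type=attack pri=alert msg="constructed: request blocked"',
    'time=10:00:06 msg="constructed: line without a severity field"',
]

if __name__ == "__main__":
    print("Threshold Error stores", len(stored(SAMPLE, "Error")), "lines")
    for name, n in volume_by_threshold(SAMPLE).items():
        print(f"{name:<13}{n:>3} of {len(SAMPLE)}")
```

Lines without a recognizable pri field are not counted toward any threshold, so the totals can be lower than the number of input lines.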