Configure log handling settings for engines
Log Handling settings allow you to adjust logging when the log spool on the Firewall, IPS, Layer 2 Firewall, or Master NGFW Engine fills up.
Logs are spooled locally when the Log Server is not available. The Master NGFW Engine spools its own logs and the logs sent by the Virtual NGFW Engines that the Master NGFW Engine hosts.
You can also configure Log Compression to save resources on the engine. By default, each generated Antispoofing and Discard log entry is logged separately and displayed as a separate entry in the Logs view. Log Compression allows you to define the maximum number of separately logged entries. When the defined limit is reached, a single Antispoofing log entry or Discard log entry is logged. The single entry contains information on the total number of the generated Antispoofing log entries or Discard log entries. After this, logging returns to normal and all generated entries are once more logged and displayed separately.
The general Log Compression settings you define in the Engine Editor are applied as default settings on all interfaces. You can also define Log Compression and override the global settings in each interface’s properties.
For more details about the product and how to configure features, click Help or press F1.
Steps
Engine Editor – Advanced Settings – Log Handling
Use this branch to change log handling settings for the engine. You can use log handling settings to adjust logging when the log spool on the engine fills up.
Option | Definition |
---|---|
Log Spooling Policy
(Not Virtual NGFW Engines) |
Defines what happens when the engine’s log spool becomes full.
|
Log Compression
(Antispoofing Log Event Type for Firewalls only) |
The maximum number of separately logged entries. When the defined limit is reached, a single Antispoofing log entry or Discard log entry is logged. The single entry contains information about the total number of the generated Antispoofing log entries or Discard log entries. After this, logging returns to normal and all generated entries are logged and displayed separately.
Note: Do not enable Log Compression if you want all Antispoofing and Discard entries to be logged as separate log entries (for example, for reporting or statistics).
|
Set to Default | Returns Log Compression changes to the default settings. |