This article describes how to enable local traffic logging per local-in policy. Configuring logging per policy makes it possible to focus on the specific local-in policies that are most relevant.
Scope
FortiGate v7.6.x
Solution
The local-in policy logs are displayed in Memory, Disk, FortiAnalyzer, and FortiGate Cloud.
Logging can be configured per local-in policy in the Log & Report > Log Settings page or by using the following commands:
config log setting
    set local-in-policy-log {enable | disable}
end
config firewall local-in-policy
    edit <id>
        set logtraffic {enable | disable}
    next
end
If the log location is Memory/Disk, FortiAnalyzer, or FortiCloud, use the following settings to enable local traffic logging for that location.
config log memory filter
    set local-traffic enable
end
config log fortianalyzer filter
    set local-traffic enable
end
config log disk filter
    set local-traffic enable
end
config log fortiguard filter
    set local-traffic enable
end
Note: On low-end devices (<2 GB RAM) with no disk logging, if logging to memory is disabled to save memory, it is necessary to use FortiAnalyzer or FortiGate Cloud.
Local-in traffic can also continue to be logged globally instead of per policy. To configure global local-in traffic logging in the CLI:
config log setting
    set local-in-policy-log disable
end
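An offline check of a saved configuration against the per-policy settings described above, as an added example that is not Fortinet's code. SAMPLE is constructed, the function names parse and audit are hypothetical, and a key that does not appear in the text is treated as not enabled, which is an assumption (output of show full-configuration lists default values explicitly).

```python
import shlex
# Constructed sample in FortiOS config syntax; policy ids and values are made up.
SAMPLE = """\
config log setting
    set local-in-policy-log enable
end
config log fortianalyzer filter
    set local-traffic disable
end
config firewall local-in-policy
    edit 1
        set logtraffic enable
    next
    edit 2
    next
end"""

def parse(text):
    """Return {path tuple: {key: value}} built from config/edit/set nesting."""
    tree, stack = {}, []
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw) or [""]
        except ValueError:  # unbalanced quote from a multi-line value; skip it
            continue
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok[1:]))
            tree.setdefault(tuple(stack), {})
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and len(tok) > 2:
            tree.setdefault(tuple(stack), {})[tok[1]] = " ".join(tok[2:])
    return tree

def audit(text):
    """List settings that keep local-in policy traffic from being logged."""
    tree, out = parse(text), []
    # Assumption: a key absent from the text counts as not enabled.
    if tree.get(("log setting",), {}).get("local-in-policy-log") != "enable":
        out.append("log setting: local-in-policy-log is not enabled")
    for path, vals in tree.items():
        if len(path) == 2 and path[0] == "firewall local-in-policy" and vals.get("logtraffic") != "enable":
            out.append(f"local-in-policy {path[1]}: logtraffic is not enabled")
        elif len(path) == 1 and path[0].startswith("log ") and path[0].endswith(" filter") and vals.get("local-traffic") != "enable":
            out.append(f"{path[0]}: local-traffic is not enabled")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Each line of output names one setting to change with the commands above; an empty result means every local-in policy and every log filter present in the file has logging enabled.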