Technical Tip: Difference between 'Security Events' and 'All session' in Log Allowed Traffic in Firewall Policy

• All Sessions: Logs every single connection accepted or denied by the policy, providing a complete record of all traffic flow.
• Security Events (UTM): Logs only the specific traffic that matches or triggers an active security profile (such as Antivirus, Web Filter, or IPS) applied to the policy.
• Disable: Prevents the firewall from generating any traffic logs for sessions matching the policy.

To edit the firewall policy logging in the web GUI:

To edit the firewall policy logging on the CLI:

config firewall policy
    edit 1
       set logtraffic {all | utm | disable}
    next
end

Related Articles:
Technical Tip: Enable Security Event logging on the policy with Security Fabric enabled 

Logging local traffic per local-in policy | FortiOS 7.6.0 New Features 

Technical Tip: The available options for logging on FortiGate