Logname of Fortimanager Logs in Fortianalyzer

Hi,

we use our virtual FAZ (all Fortigates are also logging to this device) also to receive logs from our Fortimanager.

Because of several security audits we need to create a FAZ report which shows all Logins in Fortimanager.

As you see in Screenshot1 the events from FMG are correctly sent to FAZ.

I also tried to create a new FAZ Dataset (with own select Commands). In which logs the FMG Events are stored? In the normal $log I do not find any entries from FMG (only Fortigate Logs are in this log table). I want to filter the logs for 0001010018 (which means a login).

I hope you have some answers.

thanks a lot.