Skip to main content
JCASteel
JCASteel
New Member
April 28, 2025
Question

No antivirus log or IPS log is shown

  • April 28, 2025
  • 2 replies
  • 2262 views

Hi everyone,

I don't manage to display Antivirus or ips log in my fortigate (OS 7.2.11).

I've set "antivirus log" and "extended log" to enable.

In "IPS signature and filter", packet logging is enable and action is block.

When i try a test from the cli with the command 'diagnose log test' , there is no log.

What is the problem in my conf.

Thank you in advance

2 replies

yderek
Staff
yderek
Staff
April 29, 2025

@JCASteel  

Hi, Thanks for posting in forum 

 

1: Are you using deep inspection for policy or flow-based policy ?

2: When you check the logs, can you screenshot attach here ? Full screenshot include the FortiGate logging 

3: Have you check the logs in 'memory' or 'FortiAnalyzer' or in 'disk' ?

4:  Follow this KB see whether you can see the logs in CLI instead of GUI 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Displaying-logs-via-FortiGate-s-CLI/ta-p/193027

5: paste below output here 

show log memory setting 

show log memory filter 

show log disk setting 

show log disk filter 

 

    JCASteel
    JCASteelAuthor
    New Member
    April 29, 2025

    2025-04-29_10h20_03.pngThank you for your reply. When I looked the log, 

    on the screen it was only the log from one hour. After change the filter by "from 7 days", I see the test logs. But I don't know why I haven't see the test log because the command was launched from 10 minutes. Then I have to check in few days because for the moment I don't see many IPS log external intrusion attempt ?! It's curious (see in attached). And about your first question, I use flow-based policy, no deep inspection.

      ezhupa
      Staff
      ezhupa
      Staff
      April 29, 2025

      You are viewing the Logs from FortiGate Cloud so it might have some kind of latency or might have a specific time when sending the logs  to cloud (depending on logging configuration).  
      If you have a possibility to show logs in memory, they should be displayed almost immediately (perhaps a few minutes later).

        JCASteel
        JCASteelAuthor
        New Member
        April 29, 2025
         

        2025-04-29_15h48_15.png

        In my config I have "memory" checked in local logs setting...

        And when I choose memory in filter in my log screen I have no data 

        adhawan
        Staff
        adhawan
        Staff
        May 5, 2025

        @JCASteel  Memory logging only shows logs with level warning or higher. Logs lower than warning are not stored in memory.

        It can be verified via CLI to check that the severity setting has been set to information:

        #get log memory filter

        Thanks

         

        Terms & ConditionsAccessibility statement