Description
This article describes how to enable FortiCloud logging on the FortiGate.
Scope
FortiCloud and FortiGate.
Solution
Enabling FortiCloud setting from CLI.
To enable FortiCloud logging, use any SSH/Telnet client (e.g., PuTTY) to access the FortiGate through the CLI, or use the 'Web Interface' by selecting the 'CLI Console' from the top right corner.
Once logged in, execute the following commands:
config log fortiguard setting
set status enable
end
Note: In case of an error while enabling FortiGuard logging, log in to FortiCloud via 'CLI Method' first, then reissue the above commands.
Activating the FortiCloud Account.
CLI Method:
execute fortiguard-log login <email> <password> <domain>
Note: The domain can be one of the following: US, Europe, or GLOBAL.
Example:
execute fortiguard-log login johndoe@fortinet.com password GLOBAL
GUI Method:
Locate the FortiGate cloud section under System -> Dashboard and select Activate to create a FortiGate Cloud account or log into the existing account.
Once the account is active, the account information will appear in the 'Dashboard'.
Now, configure the FortiGate to send logs to FortiCloud.
Go to Log & Report -> Log Settings -> Cloud Logging Settings.
Go to Log & Report -> Log Settings -> Cloud Logging Settings.
Select the Upload option to Realtime in case more accurate logging is needed. Note that enabling this option may increase the CPU usage on the FortiGate, as it sends logs to FortiCloud in real time.
To display logs from FortiCloud on the FortiGate, navigate to: Dashboard -> Log & Report -> Events -> System Events -> FortiCloud. This displays logs directly from FortiCloud, especially when logs are not being saved to Disk or Memory.
To display logs from FortiCloud on the FortiGate, navigate to: Dashboard -> Log & Report -> Events -> System Events -> FortiCloud. This displays logs directly from FortiCloud, especially when logs are not being saved to Disk or Memory.
Enable 'Logging' on Firewall Policy.
Go to Policy & Objects -> IPv4, enable Log allowed traffic, and select the logging option (Security Events/All Sessions).
Go to Policy & Objects -> IPv4, enable Log allowed traffic, and select the logging option (Security Events/All Sessions).
Note:
If all of the above settings are checked and the logs are still not received on the Cloud, make sure that FortiGate is running the latest firmware if using a Free Subscription with FortiGate Cloud.
Starting from February 28, 2025, a FortiGate without an active FortiGate Cloud subscription is required to upgrade to the latest firmware patch within 7 days of a new GA patch release, or FortiGate Cloud services will be paused for that device.
This will affect the cloud retention service, where logs will not be forwarded to FortiCloud until the device is updated to the latest firmware patch if using a Free FortiGate Cloud account. See Technical Tip: Security enforcement change for FortiGates provisioned to FortiGate Cloud without act...
Related documents:
Technical Tip: How to register and activate a FortiCloud account
