Description
In general, application control signature logs are viewed from the GUI by navigating to Log & Report -> Application Control and adding a filter based on the requirement.
Similarly, it is possible to display the logs from the CLI.
Scope
FortiGate.
Solution
In the below example:
10.143.5.27 is the IP address of the PC accessing the application.
31077 is the application signature ID.
execute log filter start-line 1
execute log filter field srcip 10.143.5.27
execute log filter field appid 31077
execute log display
10 logs found.
10 logs returned.
1: date=2021-04-24 time=08:53:05 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619247185411863762 tz="+0200" srcip=10.143.5.27 srcport=49867 srcintf="port3" srcintfrole="undefined" dstip=74.125.206.91 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6454070 proto=6 action="close" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49867 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=25 sentbyte=14723 rcvdbyte=193588 sentpkt=95 rcvdpkt=184
2: date=2021-04-24 time=08:53:05 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619247185411858198 tz="+0200" srcip=10.143.5.27 srcport=49868 srcintf="port3" srcintfrole="undefined" dstip=64.233.184.119 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6454088 proto=6 action="close" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49868 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=25 sentbyte=2104 rcvdbyte=4746 sentpkt=17 rcvdpkt=16
3: date=2021-04-24 time=08:51:44 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619247104471850754 tz="+0200" srcip=10.143.5.27 srcport=49793 srcintf="port3" srcintfrole="undefined" dstip=142.251.5.132 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6448068 proto=6 action="close" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49793 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=199 sentbyte=3356 rcvdbyte=33841 sentpkt=37 rcvdpkt=42 sentdelta=162 rcvddelta=144
4: date=2021-04-24 time=08:51:44 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619247104471847653 tz="+0200" srcip=10.143.5.27 srcport=49781 srcintf="port3" srcintfrole="undefined" dstip=74.125.206.119 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6447319 proto=6 action="close" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49781 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=228 sentbyte=7426 rcvdbyte=296226 sentpkt=130 rcvdpkt=224 sentdelta=203 rcvddelta=196
5: date=2021-04-24 time=08:51:44 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619247104471833290 tz="+0200" srcip=10.143.5.27 srcport=49780 srcintf="port3" srcintfrole="undefined" dstip=64.233.166.136 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6447313 proto=6 action="close" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49780 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=229 sentbyte=76305 rcvdbyte=2218413 sentpkt=402 rcvdpkt=1697 sentdelta=2216 rcvddelta=749
6: date=2021-04-24 time=08:50:40 logid="0000000020" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619247040548893384 tz="+0200" srcip=10.143.5.27 srcport=49793 srcintf="port3" srcintfrole="undefined" dstip=142.251.5.132 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6448068 proto=6 action="accept" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49793 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=135 sentbyte=3194 rcvdbyte=33697 sentpkt=33 rcvdpkt=39 sentdelta=3194 rcvddelta=33697
7: date=2021-04-24 time=08:49:59 logid="0000000020" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619246999424441049 tz="+0200" srcip=10.143.5.27 srcport=49780 srcintf="port3" srcintfrole="undefined" dstip=64.233.166.136 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6447313 proto=6 action="accept" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49780 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=124 sentbyte=74089 rcvdbyte=2217664 sentpkt=391 rcvdpkt=1685 sentdelta=74089 rcvddelta=2217664
8: date=2021-04-24 time=08:49:55 logid="0000000020" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619246995523816525 tz="+0200" srcip=10.143.5.27 srcport=49781 srcintf="port3" srcintfrole="undefined" dstip=74.125.206.119 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6447319 proto=6 action="accept" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49781 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=120 sentbyte=7223 rcvdbyte=296030 sentpkt=125 rcvdpkt=220 sentdelta=7223 rcvddelta=296030
9: date=2021-04-24 time=08:48:30 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619246910661865138 tz="+0200" srcip=10.143.5.27 srcport=49794 srcintf="port3" srcintfrole="undefined" dstip=142.251.5.132 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6448069 proto=6 action="client-rst" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49794 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=6 sentbyte=873 rcvdbyte=6246 sentpkt=7
10: date=2021-04-24 time=08:48:30 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1619246910661859843 tz="+0200" srcip=10.143.5.27 srcport=49792 srcintf="port3" srcintfrole="undefined" dstip=142.251.5.132 dstport=443 dstintf="port1" dstintfrole="undefined" poluuid="fa0c895a-a4c4-51eb-8781-5b744b4ecdcb" sessionid=6448067 proto=6 action="client-rst" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=10.5.23.36 transport=49792 appid=31077 app="YouTube" appcat="Video/Audio" apprisk="elevated" applist="Youtube access" appact="detected" duration=6 sentbyte=873 rcvdbyte=6247 sentpkt=7
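The following is an added example, not Fortinet code: a Python parser for the `execute log display` output above that applies the same srcip/appid filter offline and totals bytes per destination. It keeps only the latest record per sessionid, because the counters are cumulative: records 3 and 6 share sessionid 6448068, and the later sentbyte (3356) equals the earlier 3194 plus sentdelta 162. The sample lines are abbreviated copies of records 1, 3 and 6, plus one constructed record for another source IP.

```python
import shlex
from collections import defaultdict

# Abbreviated copies of records 1, 3 and 6 from the output above (fields trimmed),
# plus one constructed record (srcip 10.143.5.99) that the filter must exclude.
SAMPLE = '''\
10 logs found.
1: date=2021-04-24 time=08:53:05 logid="0000000013" eventtime=1619247185411863762 srcip=10.143.5.27 dstip=74.125.206.91 sessionid=6454070 action="close" dstcountry="United States" appid=31077 app="YouTube" sentbyte=14723 rcvdbyte=193588
3: date=2021-04-24 time=08:51:44 logid="0000000013" eventtime=1619247104471850754 srcip=10.143.5.27 dstip=142.251.5.132 sessionid=6448068 action="close" dstcountry="United States" appid=31077 app="YouTube" sentbyte=3356 rcvdbyte=33841 sentdelta=162 rcvddelta=144
6: date=2021-04-24 time=08:50:40 logid="0000000020" eventtime=1619247040548893384 srcip=10.143.5.27 dstip=142.251.5.132 sessionid=6448068 action="accept" dstcountry="United States" appid=31077 app="YouTube" sentbyte=3194 rcvdbyte=33697 sentdelta=3194 rcvddelta=33697
4: date=2021-04-24 time=08:40:00 logid="0000000013" eventtime=1619246400000000000 srcip=10.143.5.99 dstip=142.251.5.132 sessionid=7000001 action="close" appid=31077 app="YouTube" sentbyte=500 rcvdbyte=900
'''

def parse_line(line):
    """Parse one displayed record into a dict; returns {} for non-record lines."""
    fields = {}
    for token in shlex.split(line):  # shlex keeps quoted values such as "United States" whole
        key, sep, value = token.partition("=")
        if sep:  # skips the "N:" index prefix and summary lines like "10 logs found."
            fields[key] = value
    return fields

def final_records(text, srcip, appid):
    """Latest record per sessionid for the given source IP and signature ID."""
    latest = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("srcip") != srcip or rec.get("appid") != str(appid):
            continue
        sid = rec["sessionid"]
        if sid not in latest or int(rec["eventtime"]) > int(latest[sid]["eventtime"]):
            latest[sid] = rec
    return latest

def bytes_per_destination(text, srcip, appid):
    """Sum final (cumulative) sentbyte/rcvdbyte per dstip, one record per session."""
    totals = defaultdict(lambda: [0, 0])
    for rec in final_records(text, srcip, appid).values():
        totals[rec["dstip"]][0] += int(rec["sentbyte"])
        totals[rec["dstip"]][1] += int(rec["rcvdbyte"])
    return {dst: tuple(counts) for dst, counts in totals.items()}

if __name__ == "__main__":
    for dst, (sent, rcvd) in bytes_per_destination(SAMPLE, "10.143.5.27", 31077).items():
        print(f"{dst} sent={sent} rcvd={rcvd}")
```

Summing sentbyte across every returned line instead would count session 6448068 twice.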
Note:
v5.0 up to v6.4 are out of engineering support, so these commands might be different on higher versions. Consider upgrading the firmware level on the device to a supported version (v7.0 up to v7.6). Check the firmware path and compatibility for the hardware here: Upgrade tool.