FortiGate
aquilingan (Staff)
Article Id 315069

Description: This article shows how to forward only specific event logs to a syslog server without using the 'free-style' filter.
Scope: FortiGate, FortiOS 7.0 and lower.
Solution

Without a filter, FortiGate forwards every enabled log type (traffic, event, UTM and so on) to the syslog server.

 

Syslog Image 3.JPG

 

The free-style filter limits the logs sent to the syslog server by matching on log fields such as 'service', 'srccountry' or 'dstcountry'. However, this feature is not available on FortiOS versions lower than 7.0, so the following steps can be used instead.

 

Example:

Only VPN event logs will be forwarded to the syslog server.

 

  1. From the CLI, disable the traffic and other non-event log categories in the syslog filter. Options that the running build does not support (for example, ztna-traffic exists only from FortiOS 7.0, and gtp only on FortiOS Carrier) are rejected by the CLI and can simply be omitted.

 

config log syslogd filter
    set forward-traffic disable
    set local-traffic disable
    set multicast-traffic disable
    set sniffer-traffic disable
    set ztna-traffic disable
    set anomaly disable
    set voip disable
    set gtp disable
end

 

  2. In the GUI, go to Log & Report (the CLI equivalents are 'config log eventfilter' for the event categories and 'config log setting' for local traffic logging):
  • Log Settings -> Event Logging -> Customize, and select only 'VPN activity event'.
  • Local Traffic Log -> Customize, and uncheck all options.
  • Select 'Apply'.

 

FGT Log Settings.JPG

 

After applying the change, only VPN-related event logs are sent to the syslog server. Note that step 2 changes which logs the FortiGate generates at all, so the deselected event categories and local traffic logs also stop appearing in local disk/memory logs and on FortiAnalyzer, not only on the syslog server.
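A quick way to confirm the result is to inspect what the syslog server actually receives. The following Python script is an added example, not part of the original article: it parses FortiGate syslog lines (the default key=value format, where every record carries a type and subtype field), counts records per type/subtype, and reports anything other than type="event" subtype="vpn". The two sample captures embedded in the script are constructed for illustration; point the functions at your own capture file instead.

```python
"""Check a FortiGate syslog capture for log types that should have been filtered out.

Added example, not part of the original article. It assumes the syslog server
writes FortiGate messages one per line in the default key=value format, and
that the goal is the one in the article: only type="event" subtype="vpn"
records should remain. The sample lines below are constructed for illustration.
"""
import re
from collections import Counter

# Constructed sample: what a syslog server might receive before the filter
# is applied (traffic, UTM and several event subtypes mixed together).
SAMPLE_BEFORE = """\
<189>date=2024-05-02 time=10:15:01 devname="FGT60F" devid="FGT60FTK00000000" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.0.1.5 dstip=93.184.216.34 action="accept"
<189>date=2024-05-02 time=10:15:02 devname="FGT60F" devid="FGT60FTK00000000" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" srcip=10.0.1.9 dstip=10.0.1.1 action="deny"
<189>date=2024-05-02 time=10:15:03 devname="FGT60F" devid="FGT60FTK00000000" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" msg="Administrator admin logged in successfully from https(10.0.1.9)"
<189>date=2024-05-02 time=10:15:04 devname="FGT60F" devid="FGT60FTK00000000" logid="0101037124" type="event" subtype="vpn" level="notice" vd="root" logdesc="IPsec phase 1 success" msg="progress IPsec phase 1"
<189>date=2024-05-02 time=10:15:05 devname="FGT60F" devid="FGT60FTK00000000" logid="0419016384" type="utm" subtype="ips" level="alert" vd="root" severity="high" attack="Example.Signature"
"""

# Constructed sample: what should remain after the article's steps.
SAMPLE_AFTER = """\
<189>date=2024-05-02 time=10:20:11 devname="FGT60F" devid="FGT60FTK00000000" logid="0101039424" type="event" subtype="vpn" level="information" vd="root" logdesc="SSL VPN tunnel up" msg="SSL tunnel established"
<189>date=2024-05-02 time=10:20:12 devname="FGT60F" devid="FGT60FTK00000000" logid="0101037124" type="event" subtype="vpn" level="notice" vd="root" logdesc="IPsec phase 1 success" msg="progress IPsec phase 1"
"""

# FortiOS logs are key=value pairs; string values are double-quoted (and may
# contain spaces), numbers and IPs are bare. This matches both forms.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_fortigate_line(line: str) -> dict:
    """Return the key=value fields of one syslog line as a dict.

    The leading syslog priority (<PRI>) is stripped; it is added by the
    syslog transport and is not a FortiGate log field.
    """
    body = re.sub(r"^<\d+>", "", line.strip())
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
            for m in KV_RE.finditer(body)}


def summarize(lines):
    """Count records per (type, subtype) so leaks are visible at a glance."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_fortigate_line(line)
        counts[(rec.get("type", "?"), rec.get("subtype", "?"))] += 1
    return counts


def unexpected_records(lines, allowed=(("event", "vpn"),)):
    """Return the records whose (type, subtype) is not in the allowed set.

    An empty result means the syslog filter is doing what the article intends.
    """
    leaks = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_fortigate_line(line)
        if (rec.get("type"), rec.get("subtype")) not in allowed:
            leaks.append(rec)
    return leaks


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        lines = sample.splitlines()
        print(f"{label}: {dict(summarize(lines))}")
        leaks = unexpected_records(lines)
        for rec in leaks:
            print(f"  leaked: type={rec.get('type')} subtype={rec.get('subtype')} "
                  f"logid={rec.get('logid')}")
        print(f"  {len(leaks)} record(s) outside event/vpn")
```

Run against a real capture with `unexpected_records(open("fortigate.log").read().splitlines())`; a non-empty result after the change usually means one of the GUI categories in step 2 was left enabled, or that the syslog filter was edited on a different VDOM than the one generating the logs.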

 

Syslog Image 2.JPG
