By design, FortiGate generates a log every 2 minutes for new/existing sessions. However, the 2-minute interval is packet-driven.

Every time a packet flows through the session, the FortiGate checks if 2 minutes have elapsed. If this is the case, a log is generated and if there is no traffic for an extended period, no statistical log will be generated.

For example:

When a user browses a webpage and stops interacting, a log is generated after the first 2 minutes, but no further logs appear unless traffic resumes.

If the 'logtraffic-start' option is enabled on the policy, the new session log will show up immediately whereas the existing session log may take up to 2 minutes.

Below is the command snap.

On v7.0.x or previous OS versions, the setting can be enabled via GUI, as per the picture below:

For long-lived sessions, enable additional statistics fields in the log settings:

config log setting

    set long-live-session-stat enable

end

Note: This option is available only in FortiOS version 7.4.0 and above.

Related articles:

• Technical Tip: How to know the starting time of a traffic session
• Introduce new log fields for long-live sessions - FortiGate 7.4.0 new features