FortiGate
Chinmay_Sagade
Article Id 424440
Description This article describes the complete configuration and the Log IDs required on FortiGate to populate all SD-WAN widgets under FortiView on FortiAnalyzer.
Scope FortiGate, FortiAnalyzer.
Solution

In a high-volume, multi-tenant network environment, FortiAnalyzer log filters make log management more efficient by limiting the logs that are sent from the FortiGate to the FortiAnalyzer. This reduces the load on both devices while enabling more focused analysis.

The command config log fortianalyzer filter can be used on the FortiGate to control which logs are sent to the FortiAnalyzer, using filters such as log category, source IP, Log IDs, etc.

Widgets under FortiView on FortiAnalyzer rely on the received logs to display data. There are multiple such widgets for SD-WAN. If the required SD-WAN Log IDs are not included in the filter, some SD-WAN widgets in FortiAnalyzer may display 'No Data'.

FortiAnalyzer uses different log types to populate the SD-WAN widgets:

  • Event logs: These populate event-based SD-WAN widgets such as SD-WAN Bandwidth Overview, SD-WAN Performance Status, SD-WAN Health Overview, Top SD-WAN SLA Issues, and Top SD-WAN Device Throughput. The Log IDs required to populate these widgets are 0113022923 to 0113022939.
    To achieve this, run the following commands on the FortiGate CLI:

config log fortianalyzer filter
    config free-style
        edit 0
            set category event
            set filter "(logid 0113022923 0113022924 0113022925 0113022926 0113022927 0113022928 0113022929 0113022930 0113022931 0113022932 0113022933 0113022934 0113022935 0113022936 0113022937 0113022938 0113022939)"
            set filter-type include
        next
    end
end

  • Traffic logs: These populate utilization and application-based SD-WAN widgets such as SD-WAN Rules Utilization, SD-WAN Utilization by Application, Top SD-WAN applications, and Top SD-WAN Talkers. The Log IDs required to populate these widgets are 0000000002 to 0000000024.
    To achieve this, run the following commands on the FortiGate CLI:

config log fortianalyzer filter
    config free-style
        edit 0
            set category traffic
            set filter "(logid 0000000002 0000000003 0000000004 0000000005 0000000006 0000000007 0000000008 0000000009 0000000011 0000000012 0000000013 0000000014 0000000015 0000000016 0000000017 0000000018 0000000019 0000000020 0000000021 0000000022 0000000023 0000000024)"
            set filter-type include
        next
    end
end
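As an added check (example code, not from this article or from Fortinet), the following Python parses the free-style entries of a config log fortianalyzer filter block and reports which of the Log IDs listed above would not reach FortiAnalyzer, so a widget showing 'No Data' can be traced to a missing ID. It assumes that an include entry forwards only the listed IDs, an exclude entry forwards everything except them, and a category with no free-style entry is forwarded unfiltered; the device output it parses is constructed, not captured from a real FortiGate.

```python
import re
# Log ID ranges the article lists for the SD-WAN widgets, zero-padded to 10 digits.
REQUIRED = {
    "event": {f"{i:010d}" for i in range(113022923, 113022940)},  # 0113022923-0113022939
    "traffic": {f"{i:010d}" for i in range(2, 25)},               # 0000000002-0000000024
}

def parse_free_style(config_text):
    """Return {category: (set of logids, filter-type)} for each free-style edit block."""
    entries = {}
    for m in re.finditer(r"edit\s+\d+\s*\n(.*?)\n\s*next", config_text, re.S):
        body = m.group(1)
        cat = re.search(r"set category (\w+)", body)
        flt = re.search(r'set filter "([^"]*)"', body)
        ftype = re.search(r"set filter-type (\w+)", body)
        if cat and flt:  # entries without a filter string are ignored here
            ids = set(re.findall(r"\b\d{10}\b", flt.group(1)))
            entries[cat.group(1)] = (ids, ftype.group(1) if ftype else "include")
    return entries

def missing_log_ids(config_text):
    """Map each widget category to the sorted required IDs the filter would drop."""
    entries = parse_free_style(config_text)
    result = {}
    for cat, required in REQUIRED.items():
        if cat not in entries:  # Assumption: no free-style entry means nothing is narrowed.
            result[cat] = []
            continue
        ids, ftype = entries[cat]
        forwarded = ids if ftype == "include" else required - ids
        result[cat] = sorted(required - forwarded)
    return result

# Constructed sample (not from a device): event entry stops at 0113022937, traffic entry excludes 0000000024.
_EVENT_IDS = " ".join(f"{i:010d}" for i in range(113022923, 113022938))
SAMPLE_CONFIG = f"""config log fortianalyzer filter
    config free-style
        edit 1
            set category event
            set filter "(logid {_EVENT_IDS})"
            set filter-type include
        next
        edit 2
            set category traffic
            set filter "(logid 0000000024)"
            set filter-type exclude
        next
    end
end
"""
```

Running missing_log_ids on the output of show log fortianalyzer filter from a device gives, per category, exactly the IDs to append to the filter string.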
For more information regarding filter types and Log IDs, see the following:

CLI reference: config log fortianalyzer filter

FortiOS log message reference