Description

This article describes when forward traffic logs are not displayed when logging is enabled in the policy.

Scope

FortiGate.

Solution

Firewall memory logging severity is set to warning to reduce the amount of logs written to memory by default. Because of that, the traffic logs will not be displayed in the 'Forward logs'.

The severity needs to set to 'Information' to view traffic logs from memory.

To view the current settings.

config log memory filter

(filter) # show full-configuration
config log memory filter
    set severity warning                        <-----
    set forward-traffic enable
    set local-traffic disable
    set multicast-traffic enable
    set sniffer-traffic enable
    set anomaly enable
    set voip enable
    set dns enable
    set ssh enable
    set ssl enable
    set cifs enable
    set filter ''
    set filter-type include
end

Modify the severity to information.

config log memory filter
    set severity information
end

Once modified, Traffic logs should be displayed in the 'Forward Traffic' under memory logs.

Starting from v6.4.0, the default severity is set to 'information'.

So Traffic logs are displayed by default from FortiOS 6.4.0.

If the issue persists, follow these steps.

Check if logging is enabled in firewall policies by running the command:

config firewall policy

    edit <policy ID>

show

Ensure that logging is enabled for the policies expected to see traffic logs:

config firewall policy

    edit <policy ID>

        set logtraffic all

    end

Make sure that the necessary log settings are configured correctly. Verify the log settings by running:

config log setting

show

Make sure the log memory setting is enabled:

config log memory setting

show
    set status enable
end

Related articles:

Technical Tip: Displaying logs via CLI

Technical Tip: No memory logs seen in FortiGate