Created on 04-29-2015 04:38 PM Edited on 05-26-2022 07:40 AM By
For high volume log data, Fortinet recommends sending logs to a remote log destination such as FortiAnalyzer/FortiManager, FortiCloud or syslog server.
However, in some cases it is advisable to send event logging to disk (on models with a local disk). This is particularly true for HA clusters, because it helps ensure that HA-related logs are captured on both the Master and Slave units during HA transitions.
To filter which types of logs are written to disk, use the "log disk filter". This filter has no option for event logs: the same level of event logging is sent to every log destination.
The key, therefore, is to enable disk logging BUT disable every configurable option in the "log disk filter". Use the template below, and run the "get" command to check whether your firmware release has any other log sub-types that must be disabled in addition to those included in the template.
End Result: You are left with only event logging sent to disk.
You can copy and paste the following into the CLI. The "config vdom" / "edit <VDOM NAME>" lines apply only when VDOMs are enabled; on a unit without VDOMs, start at "config log disk filter".
config vdom
edit <VDOM NAME>
config log disk filter
set forward-traffic disable
set local-traffic disable
set multicast-traffic disable
set sniffer-traffic disable
set anomaly disable
set netscan-discovery disable
set netscan-vulnerability disable
set voip disable
set dlp-archive disable
end
Confirm that all options are "disabled":
get log disk filter
Ensure disk logging is enabled:
config log disk setting
set status enable
end
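As an added example (not part of this article or of Fortinet's tooling), the following Python script automates the "get log disk filter" check above: it parses the "key : value" output, lists every log sub-type still set to "enable", and prints the extra "set ... disable" lines needed, which is useful when a firmware release exposes sub-types the template does not cover. The sample output is constructed, not captured from a device, and the "gtp" line stands in for such an extra sub-type.

```python
import re
from typing import Dict, List

# Constructed sample of `get log disk filter` output (not from a real device).
# Most sub-types are already disabled; "anomaly" was missed and "gtp" stands in
# for a sub-type that the template in the article does not list.
SAMPLE_GET_OUTPUT = """\
severity            : information
forward-traffic     : disable
local-traffic       : disable
multicast-traffic   : disable
sniffer-traffic     : disable
anomaly             : enable
netscan-discovery   : disable
netscan-vulnerability: disable
voip                : disable
dlp-archive         : disable
gtp                 : enable
filter              :
filter-type         : include
"""

# Filter keys that are not enable/disable toggles for a log sub-type.
NON_TOGGLE_KEYS = {"severity", "filter", "filter-type"}

LINE_RE = re.compile(r"^\s*([\w-]+)\s*:\s*(.*?)\s*$")


def parse_get_output(text: str) -> Dict[str, str]:
    """Turn FortiOS `get` output ('key : value' per line) into a dict."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def enabled_subtypes(settings: Dict[str, str]) -> List[str]:
    """Sub-types still 'enable'; each one still writes non-event logs to disk."""
    return sorted(k for k, v in settings.items()
                  if k not in NON_TOGGLE_KEYS and v.lower() == "enable")


def remediation_cli(enabled: List[str]) -> str:
    """CLI block that disables the remaining sub-types (empty if none remain)."""
    if not enabled:
        return ""
    lines = ["config log disk filter"] + [f"set {k} disable" for k in enabled] + ["end"]
    return "\n".join(lines)


if __name__ == "__main__":
    still_on = enabled_subtypes(parse_get_output(SAMPLE_GET_OUTPUT))
    print("still enabled:", still_on)
    print(remediation_cli(still_on))
```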