The command 'diagnose debug admin error-log' provides details for the last admin user's failed login.

Refer to the following output:

FortiGate # diagnose debug admin error-log
The recent admin user failed login details:
error code : -102
method : https
login name : admin
cmdb name : admin
login vdom : root
current vdom : root
override vdom : null
login profile : super_admin
override profile: null
login time : 2025-07-16 02:29:13

This can be verified in General System Events under Log & Report -> System Events.

Refer to the screenshots:

As per CLI command output, the time is '2025-07-16 02:29:13'.

The error code is -102, indicating that the password is invalid. This can be verified by checking the corresponding time in system event logs. As per the logs, the admin login failed due to an invalid password.

To view failed admin login event logs in the CLI, run the following commands (example below shows logs from memory): 

execute log filter device
Available devices:
0: memory
1: disk
2: fortianalyzer
3: fortianalyzer-cloud
4: forticloud

execute log filter device 0

execute log filter category 1

execute log filter field logdesc "Admin login failed"

execute log display 

1: date=2025-07-16 time=02:29:13 eventtime=1761312693204728541 tz="-0700" logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" sn="0" user="admin" ui="https(10.5.255.254)" method="https" srcip=10.5.255.254 dstip=10.5.195.23 action="login" status="failed" reason="passwd_invalid" msg="Administrator admin login failed from https(10.5.255.254) because of invalid password"

Related articles:

Troubleshooting Tip: Reasons for failed Admin login on FortiGate or an unsuccessful login on FortiGa...

Technical Tip: Use local-in policy to restrict unauthorized login attempts to administrative access ...

Technical Tip: How to check failed admin logins from the GUI and CLI