Article Id 194193


This article provides basic troubleshooting steps for when logs are not displayed in FortiView.

Useful links:
Logging FortiGate traffic
Logging FortiGate traffic and using FortiView



Log traffic must be enabled in firewall policies:
#config firewall policy
#    edit <Policy_id>
#        set logtraffic all/utm
Check the log settings and select from the following:
#config log setting
resolve-ip                Add resolved domain name into traffic log if possible.
resolve-port              Add resolved service name into traffic log if possible.
log-user-in-upper         Enable/disable collect log with user-in-upper.
fwpolicy-implicit-log     Enable/disable collect firewall implicit policy log.
fwpolicy6-implicit-log    Enable/disable collect firewall implicit policy6 log.
log-invalid-packet        Enable/disable collect invalid packet traffic log.
local-in-allow            Enable/disable collect local-in-allow log.
local-in-deny-unicast     Enable/disable collect local-in-deny-unicast log.
local-in-deny-broadcast   Enable/disable collect local-in-deny-broadcast log.
local-out                 Enable/disable collect local-out log.
daemon-log                Enable/disable collect daemon log.
neighbor-event            Enable/disable collect neighbor event log.
brief-traffic-format      Enable/disable use of brief format for traffic log.
user-anonymize            Enable/disable anonymize log user name.
expolicy-implicit-log     Enable/disable collect explicit proxy firewall implicit policy log.
log-policy-comment        Enable/disable insertion of policy comment in to traffic log.
#set resolve-ip enable
Configure where the logs will be sent:
#config log memory/disk/fortianalyzer/syslog setting
#    set status enable
Select the source of the log information in FortiView:
#config log gui-display
#set location 
memory           Display memory log.
disk             Display disk log.
fortianalyzer    Display FortiAnalyzer log.
forticloud       Display FortiCloud log.
Check that the severity is set to information, to view ALL the logs from the lowest severity level:
#config log memory/disk/fortianalyzer/syslog filter
#set severity information
forward-traffic     : enable
local-traffic       : enable
multicast-traffic   : enable
sniffer-traffic     : enable
anomaly             : enable
voip                : enable
dns                 : enable
filter              :
filter-type         : include
Execute the following to restart the miglogd process:
#diag sys top 2 50
Wait a few seconds, then note the PID of miglogd; in this example it is "55":
         newcli      2151      R       1.4     1.0
         sshd        2149      S       0.4     0.7
         httpsd       147      S       0.0     1.6
         pyfcgid     2147      S       0.0     1.5
         miglogd       55      S       0.0     1.4
NOTE: Since 6.2, the process ID can also be found with:
# diag sys process pidof miglog
#diag sys kill 11 <PID>       -->     #diag sys kill 11 55
Alternatively, use the following command to restart all miglogd processes at once:
#fnsysctl killall miglogd
Run a log test:
#diag log test
To view the logs in FortiView from the FortiGate GUI, either:
-Log off and log on again
-Refresh the page
The logs will be shown under Log & Report.
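
An offline check of the configuration settings listed above, as an added example that is not part of the original article or Fortinet tooling: it parses a saved configuration text and reports which logging prerequisites fail. The function names and the sample configuration are constructed for illustration, and the check assumes the text lists these settings explicitly.

```python
SAMPLE = """
config firewall policy
    edit 1
        set logtraffic all
    next
    edit 2
        set logtraffic disable
    next
end
config log disk setting
    set status disable
end
config log gui-display
    set location disk
end
config log disk filter
    set severity warning
end
"""  # constructed sample in FortiOS config syntax, not from a real device

def parse(text):
    """Map each top-level config section to {edit id or None: {key: value}}."""
    cfg, stack, entry = {}, [], None
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and tok[0] in ("edit", "next"):
            entry = tok[1] if tok[0] == "edit" else None
        elif len(stack) == 1 and tok[0] == "set" and len(tok) > 2:
            cfg.setdefault(stack[0], {}).setdefault(entry, {})[tok[1]] = tok[2]
    return cfg

def audit(text):
    """Return findings for the logging prerequisites the article lists."""
    cfg, out = parse(text), []
    get = lambda sec, key: cfg.get(sec, {}).get(None, {}).get(key)
    for pid, p in cfg.get("firewall policy", {}).items():
        if p.get("logtraffic") not in ("all", "utm"):
            out.append(f"policy {pid}: logtraffic={p.get('logtraffic')}")
    loc = get("log gui-display", "location")
    if loc not in ("memory", "disk", "fortianalyzer"):  # others are not checked here
        return out + [f"log gui-display: location={loc} not checked"]
    if get(f"log {loc} setting", "status") != "enable":
        out.append(f"log {loc} setting: status is not enable")
    if get(f"log {loc} filter", "severity") != "information":
        out.append(f"log {loc} filter: severity is not information")
    return out
```

Calling `audit(SAMPLE)` returns three findings: policy 2 has traffic logging disabled, the disk log destination is disabled while the GUI reads from disk, and the disk filter severity is above information.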


Related Articles

Technical Note : Logs not displayed because of corrupted flash memory