FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
Article Id 303904


This article describe how to use events and audit logs in cases when a new issue arises on an existing setup that was previously working normally. This also applies for an intermittent issue that appear at specific time only.








Events and Alarms:

The event can be filtered on the required time period covering only the time when the issue happened. The results can also be exported in different file formats, the CSV format could be a best fit in case it need to be uploaded in TAC support ticket:




This will help while searching in the large log files (ex. output.master or output.nessus) for specific keywords and the correct timestamp when this issue actually happened. Generating a log-snapshot of FNAC as soon as the issue happens, increases the chances that the log files will cover the same time window with the incident present in the event logs. Depending on network activity or debugs enabled, the log files can be quickly filled up and may cover only a short period of time.


The example below shows a correlation between the information shown in the GUI and same event recorded also in the master log file. The information shown in the GUI is stored separately in the DB.




The logs in output master will show a more extended view of this events, in case when specific debugs are enabled more information will be available.


yams.TelnetServer INFO :: 2024-03-08 10:48:22:239 :: #441 :: Warning: failed to create an SSH2 session for FGT-61E at


org.apache.http.conn.ConnectTimeoutException: Connect to [/] failed: connect timed outyams SEVERE :: 2024-03-08 10:49:24:761 :: #332 :: at org.apache.http.impl.connefaultHttpClientConnectionOperator.connect(
yams SEVERE :: 2024-03-08 10:49:24:761 :: #332 :: at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(
yams SEVERE :: 2024-03-08 10:49:24:761 :: #332 :: at org.apache.http.impl.execchain.MainClientExec.establishRoute(


yams INFO :: 2024-03-08 10:49:34:768 :: #332 :: CommonMib getArpCacheSNMP error: 2 0 reading from device


yams.TelnetServer INFO :: 2024-03-08 10:50:41:776 :: #332 :: Warning: failed to create an SSH2 session for FGT-61E at



In case when more information is needed related to the event generation process itself, a logger can be enabled:


diagnose debug logger set fine yams.ScriptProfile


Many events will show by default but other events can also be enabled from the Management tab:




Audit Logs:

The audit logs are more focused on the changes done on the configuration and will cover every change done in the system since the initial deployment:


audit logs.PNG


These logs are helpful to track the changes done on the system. To export the content in case it's need to be uploaded in TAC support ticket, the Legacy View needs to be firstly enabled in System > Feature Visibility:


feature visibility.PNG


and than with a similar view like Event viewer the content can be now exported: