If this is about the ability to delete logs via the "execute log delete" or "[...] delete-all" commands, then the permissions to use them are controlled by the "Log & Report" permission in admin access profiles (loggrp in CLI). If you set it to "none" or "read", an admin with this access profile will not be able to delete the logs.
"execute formatlogdisk" is also controlled by the Log & Report permission.
I'm not aware of any other commands to delete logs. If anybody knows, let me know and I can test those as well.
- there is no way to completely prevent logs being deleted on the FortiGate
-> if it does not have a disk and thus logs to memory, then a reboot will wipe those logs
-> if the unit does have a disk there are several CLI commands that can delete the logs, but these are controlled by specific admin permissions; anyone logging into the FortiGate WITHOUT those permissions can't delete logs
-> there is no fine-tuning; either all logs or no logs get deleted (so there is no option of removing only specific logs to hide some activity without being obvious)
- to be safe, it is always a good idea to also store logs at a secondary location (have FortiGate send logs to syslog or FortiAnalyzer, for example)
-> even if logs are deleted on FortiGate, they would still exist somewhere else and could be checked there
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
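The two points made in the posts above, as an added example that is not part of the original thread: a Python check over a FortiGate configuration backup that lists access profiles whose loggrp is anything other than "none" or "read", and reports which remote log destinations are enabled. The config excerpt and profile names are constructed, and treating an unset loggrp as "none" is an assumption.

```python
# Constructed excerpt in FortiOS backup syntax; profile names are made up.
SAMPLE_CONFIG = '''
config system accprofile
    edit "netops"
        set loggrp read-write
    next
    edit "helpdesk"
        set loggrp read
    next
    edit "auditor"
        set sysgrp read
    next
end
config log syslogd setting
    set status enable
end
config log fortianalyzer setting
    set status disable
end
'''
REMOTE = ("log syslogd setting", "log fortianalyzer setting")

def parse(text):
    """Map each config/edit path (a tuple) to the key/value pairs set under it."""
    tree, stack = {}, []
    for raw in text.splitlines():
        tok = raw.replace('"', "").split()
        if tok[:1] in (["next"], ["end"]):
            del stack[-1:]                      # close current level (no-op if empty)
        elif len(tok) > 1 and tok[0] in ("config", "edit"):
            stack.append(" ".join(tok[1:]))
            tree.setdefault(tuple(stack), {})   # record entries even with no 'set' lines
        elif len(tok) > 2 and tok[0] == "set":
            tree.setdefault(tuple(stack), {})[tok[1]] = " ".join(tok[2:])
    return tree

def log_delete_capable(tree):
    """Profiles whose loggrp is not 'none' or 'read' (assumption: unset means 'none')."""
    return sorted(p[1] for p, kv in tree.items()
                  if len(p) == 2 and p[0] == "system accprofile"
                  and kv.get("loggrp", "none") not in ("none", "read"))

def remote_log_targets(tree):
    """Remote log destinations that have 'set status enable'."""
    return sorted(p[0] for p, kv in tree.items()
                  if len(p) == 1 and p[0] in REMOTE and kv.get("status") == "enable")

if __name__ == "__main__":
    tree = parse(SAMPLE_CONFIG)
    print("can delete logs:", log_delete_capable(tree), "| remote:", remote_log_targets(tree))
```

An empty result from `remote_log_targets` means the only copy of the logs is on the unit itself.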