- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do all logs in the FortiOS Log Reference manual appear in the Fortigate?
Hi everyone,
There are some specific events I want to log. I have been reading the FortiOS Log Reference Manual and from what I understand for the logs listed there to show in the fortigate, their corresponding category has to be included in Event Logging within Log & Report - > Log Settings. However for some of the logs listed in the manual, their category (e.g. SSL and wireless) does not show up in the Fortigate Log Settings. If I wanted to log these categories, how would I do this? Also could someone confirm me if by including the category (e.g. system) in the Log Settings, it means all the events whithin that category will be logged, or must someone enable/disable a specific feature for some events to be logged?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to take a look at the raw data of log messages. If you're in GUI, just download the log into a text file then you can see like below.
date=2024-07-18 time=08:28:26 eventtime=1721316505827777458 tz="-0700" logid="0100032003" type="event" subtype="system" level="information" vd="root" logdesc="Admin logout successful" sn="xxxxxxxx" user="xxxxxxxx" ui="https(x.x.x.x)" method="https" srcip=x.x.x.x dstip=x.x.x.x action="logout" status="success" duration=709 reason="exit" msg="Administrator xxxxxxxx logged out from https(x.x.x.x)"
Toshi
<edit>You changed the post so my comment doesn't match your query any more.</edit>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
then, to comment on your new post, if you're looking for filtering events by "Log Category IDs" like "ssl: 17" in the reference manual, you probably need to enable all event log. Then in CLI, set the filter category to 17: utm-ssl, when you show the event like in the KB.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Displaying-logs-via-FortiGate-s-CLI/ta-p/1...
You probably can't do the same in GUI unfortunately.
Toshi