Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Sozo_Admin
New Contributor

Created on ‎11-15-2024 07:40 AM

Fortigate not showing Deny logs

Howdy all,

I am trying to view Deny traffic logs on a Fortigate 30E
(FortiGate 30Ev6.2.15 build1378 (GA)
and they are not showing up.
Via the CLI - log severity level set to Warning
Local logging

 

Here is the details:
CMB-FL01 # show full-configuration log memory filter
config log memory filter
set severity warning
set forward-traffic enable
set local-traffic enable
set multicast-traffic enable
set sniffer-traffic enable
set anomaly enable
set voip enable
set filter ‘’
set filter-type include

 

The Fortigate is getting hammered, with alerts coming in thusly: (Sanitized)

 

Message meets Alert condition
date=2024-11-14 time=15:04:05 devname=CMB-FL01 devid=FGT30E5777885133 logid=“0000000013” type=“traffic” subtype=“forward” level=“notice” vd=“root” eventtime=1731621845329636171 tz=“-0700” srcip=194.264.22.254 srcport=56676 srcintf=“wan” srcintfrole=“wan” dstip=93.22.3.19 dstport=10443 dstintf=“lan” dstintfrole=“lan” sessionid=3808968 proto=6 action=“deny” policyid=0 policytype=“policy” service=“tcp/10443” dstcountry=“Canada” srccountry=“Canada” trandisp=“dnat” tranip=195.137.0.254 tranport=443 duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat=“unscanned” crscore=30 craction=131072 crlevel=“high”

 

Implicit Deny policy in place - set to log violation Traffic:

Sozo_Admin_0-1731685105459.png

 

Firewall11209×756 28 KB

 

However I can find no deny logs:

Sozo_Admin_1-1731685105471.png

 

Firewall21898×879 30.2 KB

 

Nor can I see the Implicit Deny object when trying to search logs by Policy:

Sozo_Admin_2-1731685105476.png

 

firewall5509×648 86.5 KB

 

 

Sozo_Admin_3-1731685105469.png

 

Firewall41914×841 40.3 KB

 

I don’t know if I am missing something obvious, or have configured something incorrectly.
If anyone has any advice it would be appreciated!
Thanks to any takers.
Sozo

Labels:
1534
0 Kudos
13 REPLIES 13
dingjerry_FTNT
Staff
Staff
In response to Sozo_Admin

Created on ‎11-15-2024 01:56 PM

Hi @Sozo_Admin ,

 

What I meant is that due to limited memory, the new logs will overwrite the old logs when there is not enough memory to save all the logs.

Regards,

Jerry
404
0 Kudos
Sozo_Admin
New Contributor
In response to funkylicious

Created on ‎11-15-2024 11:03 AM

Howdy funkylicious,

Destination is LAN, sorry but thanks!

480
0 Kudos
parthpatel
Staff
Staff

Created on ‎11-15-2024 02:30 PM

Hello @Sozo_Admin,

Can you please review the below document and confirm that you have all the needed settings enabled on the firewall for implicit deny logs?
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-see-implicit-deny-logs/ta-...

391
0 Kudos
wmichael
Staff
Staff

Created on ‎11-15-2024 02:41 PM

Hello Sozo_Admin

Ensure logging on the implicit deny is enabled.

 

See the following article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Implicit-deny-logs/ta-p/194602

 

388
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.