Sozo_Admin
New Contributor

Fortigate not showing Deny logs

Howdy all,

I am trying to view Deny traffic logs on a Fortigate 30E (FortiGate 30E v6.2.15 build1378 (GA)) and they are not showing up.
Via the CLI - log severity level set to Warning
Local logging

Here are the details:
CMB-FL01 # show full-configuration log memory filter
config log memory filter
set severity warning
set forward-traffic enable
set local-traffic enable
set multicast-traffic enable
set sniffer-traffic enable
set anomaly enable
set voip enable
set filter ''
set filter-type include

The Fortigate is getting hammered, with alerts coming in thusly: (Sanitized)

Message meets Alert condition
date=2024-11-14 time=15:04:05 devname=CMB-FL01 devid=FGT30E5777885133 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1731621845329636171 tz="-0700" srcip=194.264.22.254 srcport=56676 srcintf="wan" srcintfrole="wan" dstip=93.22.3.19 dstport=10443 dstintf="lan" dstintfrole="lan" sessionid=3808968 proto=6 action="deny" policyid=0 policytype="policy" service="tcp/10443" dstcountry="Canada" srccountry="Canada" trandisp="dnat" tranip=195.137.0.254 tranport=443 duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high"

Implicit Deny policy in place - set to log violation Traffic:

[Screenshot: Firewall1]

However I can find no deny logs:

[Screenshot: Firewall2]

Nor can I see the Implicit Deny object when trying to search logs by Policy:

[Screenshot: firewall5]

[Screenshot: Firewall4]

I don’t know if I am missing something obvious, or have configured something incorrectly.
If anyone has any advice it would be appreciated!
Thanks to any takers.
Sozo
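
Added example, not part of the original post and not Fortinet's code: a Python check that parses a log line like the alert quoted above and tests whether its level would pass the `set severity` value shown in the posted memory filter. The severity ordering, the mapping of the log value "notice" to the filter keyword "notification", and the rule that only logs at or above the configured severity are kept are assumptions of this example.

```python
import re

# Severity names, most severe first. This ordering and the mapping of the log
# field value "notice" to the filter keyword "notification" are assumptions.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]
LEVEL_ALIASES = {"notice": "notification"}

# key=value pairs; a value is either double-quoted or a bare token.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample: a subset of the fields from the alert quoted in the post.
SAMPLE = ('date=2024-11-14 time=15:04:05 type="traffic" subtype="forward" '
          'level="notice" action="deny" policyid=0 service="tcp/10443"')


def parse_log(line):
    """Return the key=value fields of one FortiGate log line as a dict."""
    # Forum software often turns straight quotes into curly ones; undo that.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    return {key: quoted or bare for key, quoted, bare in PAIR_RE.findall(line)}


def passes_filter(fields, configured):
    """True if the log's level is at least as severe as `configured`."""
    level = fields.get("level", "")
    level = LEVEL_ALIASES.get(level, level)
    if level not in SEVERITIES or configured not in SEVERITIES:
        raise ValueError(f"unknown severity: {level!r} / {configured!r}")
    return SEVERITIES.index(level) <= SEVERITIES.index(configured)


def explain(line, configured):
    """One-line verdict for a log line under a given 'set severity' value."""
    fields = parse_log(line)
    verdict = "kept" if passes_filter(fields, configured) else "filtered out"
    return (f"{fields.get('type')}/{fields.get('subtype')} "
            f"action={fields.get('action')} level={fields.get('level')}: "
            f"{verdict} at severity {configured}")


if __name__ == "__main__":
    for setting in ("warning", "notification", "information"):
        print(explain(SAMPLE, setting))
```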

dingjerry_FTNT

Hi @Sozo_Admin,

What I meant is that due to limited memory, the new logs will overwrite the old logs when there is not enough memory to save all the logs.

Regards,

Jerry
Sozo_Admin

Howdy funkylicious,

Destination is LAN, sorry but thanks!

parthpatel
Staff

Hello @Sozo_Admin,

Can you please review the below document and confirm that you have all the needed settings enabled on the firewall for implicit deny logs?
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-see-implicit-deny-logs/ta-...

wmichael
Staff

Hello Sozo_Admin

Ensure logging on the implicit deny is enabled.

See the following article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Implicit-deny-logs/ta-p/194602
