Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

Log only local system events


I have branch fortigate which traffic all is going to hq fortigate and this fortigate send all logs to fortianalyzer, so this way traffic from branch is logged.

Some Ipv4 policies on branch are configured with option "Log Allowed Traffic: All Sessions" but this logs should only be in local memory and should not be forwarded to fortianalyzer, I would to send to fortianalyzer only local system events like failed admin logins etc, how to do this?


Hi Tutek,

You can accomplish this using the "config log fortianalyzer filter" command as defined in the following documentation:


Can you define a "free-form filter" that matches whatever criteria you want to send to the FortiAnalyzer from the FortiGate.