Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JCASteel
New Contributor II

Created on ‎04-28-2025 02:02 PM

No antivirus log or IPS log is shown

Hi everyone,

I don't manage to display Antivirus or ips log in my fortigate (OS 7.2.11).

I've set "antivirus log" and "extended log" to enable.

In "IPS signature and filter", packet logging is enable and action is block.

When i try a test from the cli with the command 'diagnose log test' , there is no log.

What is the problem in my conf.

Thank you in advance

Labels:
1441
0 Kudos
6 REPLIES 6
yderek
Staff
Staff

Created on ‎04-28-2025 07:32 PM

@JCASteel  

Hi, Thanks for posting in forum 

 

1: Are you using deep inspection for policy or flow-based policy ?

2: When you check the logs, can you screenshot attach here ? Full screenshot include the FortiGate logging 

3: Have you check the logs in 'memory' or 'FortiAnalyzer' or in 'disk' ?

4:  Follow this KB see whether you can see the logs in CLI instead of GUI 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Displaying-logs-via-FortiGate-s-CLI/ta-p/1...

5: paste below output here 

show log memory setting 

show log memory filter 

show log disk setting 

show log disk filter 

 

1420
JCASteel
New Contributor II
In response to yderek

Created on ‎04-29-2025 01:18 AM Edited on ‎04-29-2025 01:25 AM

2025-04-29_10h20_03.pngThank you for your reply. When I looked the log, 

on the screen it was only the log from one hour. After change the filter by "from 7 days", I see the test logs. But I don't know why I haven't see the test log because the command was launched from 10 minutes. Then I have to check in few days because for the moment I don't see many IPS log external intrusion attempt ?! It's curious (see in attached). And about your first question, I use flow-based policy, no deep inspection.

1400
ezhupa
Staff
Staff
In response to JCASteel

Created on ‎04-29-2025 06:00 AM

You are viewing the Logs from FortiGate Cloud so it might have some kind of latency or might have a specific time when sending the logs  to cloud (depending on logging configuration).  
If you have a possibility to show logs in memory, they should be displayed almost immediately (perhaps a few minutes later).

1379
yderek
Staff
Staff
In response to JCASteel

Created on ‎05-04-2025 03:43 PM

@JCASteel  This is interesting , I guess it might be some issue when visit the logs using the FortiCloud dropdown list as when you choosing the FortiCloud log view, basically FortiGate needs to pull the logs from the FortiCloud

Hard to pin point reason at the moment  if you have a support contract, you can try to open case with TAC and investigate further 

 

1312
0 Kudos
JCASteel
New Contributor II

Created on ‎04-29-2025 06:50 AM

 

2025-04-29_15h48_15.png

In my config I have "memory" checked in local logs setting...

And when I choose memory in filter in my log screen I have no data 

1375
0 Kudos
adhawan
Staff
Staff
In response to JCASteel

Created on ‎05-04-2025 07:00 PM

@JCASteel  Memory logging only shows logs with level warning or higher. Logs lower than warning are not stored in memory.

It can be verified via CLI to check that the severity setting has been set to information:

#get log memory filter

Thanks

 

Ankit Dhawan
1303
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.