Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JCASteel
New Contributor II

No antivirus log or IPS log is shown

Hi everyone,

I don't manage to display Antivirus or ips log in my fortigate (OS 7.2.11).

I've set "antivirus log" and "extended log" to enable.

In "IPS signature and filter", packet logging is enable and action is block.

When i try a test from the cli with the command 'diagnose log test' , there is no log.

What is the problem in my conf.

Thank you in advance

6 REPLIES 6
yderek
Staff
Staff

@JCASteel  

Hi, Thanks for posting in forum 

 

1: Are you using deep inspection for policy or flow-based policy ?

2: When you check the logs, can you screenshot attach here ? Full screenshot include the FortiGate logging 

3: Have you check the logs in 'memory' or 'FortiAnalyzer' or in 'disk' ?

4:  Follow this KB see whether you can see the logs in CLI instead of GUI 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Displaying-logs-via-FortiGate-s-CLI/ta-p/1...

5: paste below output here 

show log memory setting 

show log memory filter 

show log disk setting 

show log disk filter 

 

JCASteel
New Contributor II

2025-04-29_10h20_03.pngThank you for your reply. When I looked the log, 

on the screen it was only the log from one hour. After change the filter by "from 7 days", I see the test logs. But I don't know why I haven't see the test log because the command was launched from 10 minutes. Then I have to check in few days because for the moment I don't see many IPS log external intrusion attempt ?! It's curious (see in attached). And about your first question, I use flow-based policy, no deep inspection.

ezhupa

You are viewing the Logs from FortiGate Cloud so it might have some kind of latency or might have a specific time when sending the logs  to cloud (depending on logging configuration).  
If you have a possibility to show logs in memory, they should be displayed almost immediately (perhaps a few minutes later).

yderek

@JCASteel  This is interesting , I guess it might be some issue when visit the logs using the FortiCloud dropdown list as when you choosing the FortiCloud log view, basically FortiGate needs to pull the logs from the FortiCloud

Hard to pin point reason at the moment  if you have a support contract, you can try to open case with TAC and investigate further 

 

JCASteel
New Contributor II

 

2025-04-29_15h48_15.png

In my config I have "memory" checked in local logs setting...

And when I choose memory in filter in my log screen I have no data 

adhawan

@JCASteel  Memory logging only shows logs with level warning or higher. Logs lower than warning are not stored in memory.

It can be verified via CLI to check that the severity setting has been set to information:

#get log memory filter

Thanks

 

Ankit Dhawan
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors