Hi everyone,
I don't manage to display Antivirus or ips log in my fortigate (OS 7.2.11).
I've set "antivirus log" and "extended log" to enable.
In "IPS signature and filter", packet logging is enable and action is block.
When i try a test from the cli with the command 'diagnose log test' , there is no log.
What is the problem in my conf.
Thank you in advance
Hi, Thanks for posting in forum
1: Are you using deep inspection for policy or flow-based policy ?
2: When you check the logs, can you screenshot attach here ? Full screenshot include the FortiGate logging
3: Have you check the logs in 'memory' or 'FortiAnalyzer' or in 'disk' ?
4: Follow this KB see whether you can see the logs in CLI instead of GUI
5: paste below output here
show log memory setting
show log memory filter
show log disk setting
show log disk filter
Created on 04-29-2025 01:18 AM Edited on 04-29-2025 01:25 AM
Thank you for your reply. When I looked the log,
on the screen it was only the log from one hour. After change the filter by "from 7 days", I see the test logs. But I don't know why I haven't see the test log because the command was launched from 10 minutes. Then I have to check in few days because for the moment I don't see many IPS log external intrusion attempt ?! It's curious (see in attached). And about your first question, I use flow-based policy, no deep inspection.
You are viewing the Logs from FortiGate Cloud so it might have some kind of latency or might have a specific time when sending the logs to cloud (depending on logging configuration).
If you have a possibility to show logs in memory, they should be displayed almost immediately (perhaps a few minutes later).
@JCASteel This is interesting , I guess it might be some issue when visit the logs using the FortiCloud dropdown list as when you choosing the FortiCloud log view, basically FortiGate needs to pull the logs from the FortiCloud
Hard to pin point reason at the moment if you have a support contract, you can try to open case with TAC and investigate further
In my config I have "memory" checked in local logs setting...
And when I choose memory in filter in my log screen I have no data
@JCASteel Memory logging only shows logs with level warning or higher. Logs lower than warning are not stored in memory.
It can be verified via CLI to check that the severity setting has been set to information:
#get log memory filter
Thanks
User | Count |
---|---|
2549 | |
1356 | |
795 | |
646 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.