Support Forum
boggiu
New Contributor

No entries found in all log

Hi all, why don't I see the log even if checked? Thank you in advance
ab
boggiu
New Contributor

Second attached missing ...
ab
AtiT
Valued Contributor

Hi, I am not sure whether the FG-200B has a log disk or only some flash. Check the CLI settings:

    config log disk setting
        set status enable
        set storage <disk, memory, FLASH>
    end

--- usually these are the options. !!! Changing the storage may require rebooting the device !!!

or

    config log memory setting
        set status enable
    end

The most important thing is to check where the logs are stored and set the GUI settings to read these logs:

    config log setting
        set gui-location <memory, disk, fortianalyzer...>
    end

If I were you I would try this:

    config log setting
        get
    end

--- check the gui-settings, whether it is memory, disk etc., then

    config log disk setting
        get
    end
    config log memory setting
        get
    end

--- check the "status" enable/disable for these two options. If you have it enabled somewhere, then set the gui-location to that. Optionally you can set logging to disk, flash etc. with the commands above. Be aware of the possibility that the FortiGate will need to be restarted. It will warn you and ask you whether to continue and reboot or discard the settings and not reboot.

AtiT
neonbit
Valued Contributor

Also, the screenshot you sent is for the event log. The logging that you enabled in the policy won't show up in the event log, but in the 'Traffic' log.
boggiu
New Contributor

Hi all, I try command suggest by return this error ...
ab
AtiT
Valued Contributor

Are you using VDOMs? If yes, then try "config global" and then the commands, or for a specific VDOM:

    config vdom
        edit <vdom name>

AtiT
AtiT
Valued Contributor

You can enable the traffic log on the firewall policy directly. As logging enabled on the policy is a basic firewall setting, I recommend you read http://docs.fortinet.com/uploaded/files/1084/fortigate-loggingreporting-50.pdf. The documents on http://docs.fortinet.com are also recommended reading.

AtiT
boggiu
New Contributor

Hi AtiT, thank you in advance. I checked the configuration and I think the problem is the storage not allocated (and less space for this work). I tried logging to a syslog server without success; is there a log to read syslog errors? Attached is my config for syslog on the Fortinet and the server. Thank you very much for the help. (For your question about VDOMs: yes, there are 3 VDOMs configured ...)
ab
boggiu
New Contributor

I forgot ... Port 15000 on server is open ...
ab
AtiT
Valued Contributor

Hi, the unallocated space on the storage could be a problem but I am not sure. I think the space will be used until the flash is full and then the logs will be deleted and rewritten with new logs. Check the 'get sys status' command and look at the row "Log Disk Status:". Probably the flash needs to be formatted - it will probably reboot the FGT!

I downloaded Splunk and set up syslog on it and it is working. Try to disable CSV - probably it is not supported on Splunk (I did not check that). Also you can try to capture packets on port 15000 like:

    diagnose sniffer packet any 'port 15000' 4

Check whether some syslog messages are sent to this port.

AtiT
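
Added example, not part of the thread and not Fortinet or Splunk code: a receiver-side check to pair with the packet capture suggested above. It counts incoming syslog datagrams by their `type=` field, so you can tell whether traffic logs, and not only event logs, reach port 15000. The sample datagrams are constructed, and UDP transport plus the `key=value` layout are assumptions about the device's syslog output.

```python
import re
import socket
import sys
from collections import Counter

PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value pairs; values may be quoted; pairs separated by spaces or commas
KV_RE = re.compile(r'(\w[\w-]*)=("(?:[^"\\]|\\.)*"|[^\s,]*)')

# Constructed sample datagrams (documentation IP ranges, hypothetical device name).
SAMPLE = [
    b'<189>date=2013-05-01 time=10:15:02 devname=FGT-EXAMPLE type=traffic '
    b'subtype=forward level=notice vd=root srcip=192.0.2.10 dstip=198.51.100.5',
    b'<190>date=2013-05-01 time=10:15:05 devname=FGT-EXAMPLE type=event '
    b'subtype=system level=information vd=root msg="Admin login successful"',
    b'not syslog at all',
]

def parse_syslog(datagram: bytes) -> dict:
    """Split one datagram into its PRI (facility/severity) and key=value fields."""
    text = datagram.decode("utf-8", errors="replace").strip()
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI header")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(text[m.end():])}
    fields["facility"], fields["severity"] = divmod(int(m.group(1)), 8)
    return fields

def summarize(datagrams) -> Counter:
    """Count messages per log type; anything unparseable counts as 'malformed'."""
    counts = Counter()
    for d in datagrams:
        try:
            counts[parse_syslog(d).get("type", "unknown")] += 1
        except ValueError:
            counts["malformed"] += 1
    return counts

def listen(port: int = 15000, limit: int = 20) -> Counter:
    """Bind the UDP port, read `limit` datagrams, return the per-type counts."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        return summarize(sock.recvfrom(8192)[0] for _ in range(limit))

if __name__ == "__main__":
    # "--listen" reads from the network; otherwise run on the constructed samples.
    print(listen() if "--listen" in sys.argv else summarize(SAMPLE))
```

Stop any other service bound to the port before running with `--listen`; a count of zero `traffic` messages alongside `event` messages points at the policy logging setting rather than the network path.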