Hi Obi, this can have multiple causes: 1. logdisk needs to be formatted: in cli: #get sys status you will receive similar ouput: Version: FortiGate-1000C v5.0,build0228,130809 (GA Patch 4) Virus-DB: 16.00560(2012-10-19 08:31) Extended DB: 1.00000(2012-10-17 15:46) Extreme DB: 1.00000(2012-10-17 15:47) IPS-DB: 4.00345(2013-05-23 00:39) One of the lines will be either: Log hard disk: Available or Log hard disk: Need Format <-- If this is the case then the logdisk needs to be formatted: #execute formatlogdisk This procedure is instant and requires a reboot of the device. Best practice is to do so in maintenance hours with backup taken. If the status says: Log hard disk: Available Then it will be likely down to logging settings. Few things need to be checked: Where do you want (can) log: memory, disk, forticloud, syslog, fortianalyzer... lets start with basics - CLI commands to overview current setting: get log disk setting get log memory setting get log gui Common mistake or misconfiguration (I am not saying who is to blame) is that log device is set as disk yet logs are displayed from ie. memory or vice versa. I am not sure if 111C comes with harddrive so I will use config for memory logging - same can be done for disk logging: config log memory setting set status enable end config log gui set log-device memory end Now check the logs. Same settings can be done for disk (you want to however disable logging to memory in this case) I do not need to mention that logging itself needs to be enabled on policies + extra settings per utm profiles. Some filters can be used too: config log disk filter config log memory filter ....etc I prefer to use CLI commands all the time as the CLI is almost always correct rather than the GUI. CLI guides can be found: docs.fortinet.com