Hi Obi,
this can have multiple causes:
1. logdisk needs to be formatted:
in cli:
#get sys status
you will receive similar ouput:
Version: FortiGate-1000C v5.0,build0228,130809 (GA Patch 4)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
Extreme DB: 1.00000(2012-10-17 15:47)
IPS-DB: 4.00345(2013-05-23 00:39)
One of the lines will be either:
Log hard disk: Available
or
Log hard disk: Need Format <-- If this is the case then the logdisk needs to be formatted:
#execute formatlogdisk
This procedure is instant and requires a reboot of the device. Best practice is to do so in maintenance hours with backup taken.
If the status says: Log hard disk: Available
Then it will be likely down to logging settings. Few things need to be checked:
Where do you want (can) log: memory, disk, forticloud, syslog, fortianalyzer...
lets start with basics - CLI commands to overview current setting:
get log disk setting
get log memory setting
get log gui
Common mistake or misconfiguration (I am not saying who is to blame) is that log device is set as disk yet logs are displayed from ie. memory or vice versa. I am not sure if 111C comes with harddrive so I will use config for memory logging - same can be done for disk logging:
config log memory setting
set status enable
end
config log gui
set log-device memory
end
Now check the logs. Same settings can be done for disk (you want to however disable logging to memory in this case)
I do not need to mention that logging itself needs to be enabled on policies + extra settings per utm profiles. Some filters can be used too:
config log disk filter
config log memory filter
....etc
I prefer to use CLI commands all the time as the CLI is almost always correct rather than the GUI. CLI guides can be found: docs.fortinet.com