Hi Olav,
As you are not able to see config logs in the files under Log browse I suggest the following:
Using Putty or SecureCRT etc. connect to the FAZ and log all the outputs from CLI to a file and try to log the log packets like:
FortiAnalyzer-VM # diagnose sniffer packet any ' host FG-IP-address'
<verbose> 1: print header of packets
2: print header and data from IP of packets
3: print header and data from Ethernet of packets
choose 2:
1) diagnose sniffer packet any ' host FG-IP-address' 2
2) do some changes for example on the fireall policy
3) stop the sniffer with CTRL+C
4) logout from FAZ CLI
5) search config messages in the file like this:
73.224726 193.86.250.182.2474 -> 193.85.199.90.514: psh 3083017352 ack 1113124487
0x0000 4500 0124 ffcd 4000 3d06 f848 c156 fab6 E..$..@.=..H.V..
0x0010 c155 c75a 09aa 0202 b7c3 1c88 4258 ee87 .U.Z........BX..
0x0020 8018 1f68 f868 0000 0101 080a 0a45 09c6 ...h.h.......E..
0x0030 1179 024b 1700 0100 000d 65a1 0000 00f0 .y.K......e.....
0x0040 0700 0000 0000 00e4 ef07 00dc 000a c446 ...............F
0x0050 4754 3830 4333 3931 3036 3135 3639 3201 GT80C39106xxxxx.
0x0060 4c41 425f 4c55 5804 726f 6f74 0454 0425 LAB_LUX.root.T.%
0x0070 4a00 b301 0006 0000 0000 ae03 0100 7573 J.............us
0x0080 6572 3d22 746f 7468 6122 2075 693d 2247 er=" totha" .ui=" G
0x0090 5549 2836 322e 3136 382e 3330 2e34 3329 UI(x.x.x.x)
0x00a0 2220 6163 7469 6f6e 3d45 6469 7420 6366 " .action=Edit.cf
0x00b0 6774 6964 3d32 3033 3138 3637 2063 6667 gtid=2031867.cfg
0x00c0 7061 7468 3d22 6669 7265 7761 6c6c 2e70 path=
" firewall.p
0x00d0 6f6c 6963 7922 2063 6667 6f62 6a3d 2233 olicy" .cfgobj=" 3
0x00e0 3322 2063 6667 6174 7472 3d22 6170 706c 3" .cfgattr=" appl
0x00f0 6963 6174 696f 6e2d 6c69 7374 5b41 432d ication-list[AC-
0x0100 3e4e 4153 5d22 206d 7367 3d22 4564 6974 >NAS]" .msg="
Edit
0x0110 2066 6972 6577 616c 6c2e 706f 6c69 6379 .firewall.policy
0x0120 2033 3322 .33"
This way cou can check whether the config messages are sent to FAZ or not.
Probably there is a better way to check it.