Support Forum
Giovanna
New Contributor III

Security Logs Fortigate


I would like to share only the most relevant security logs from FortiGate to a syslog collector, and I aim to minimize the volume of data being sent.
For example, I am interested in User Activity Events, but I would like to filter them further, for example to include only admin login events.

Is there any official Fortinet documentation that lists the subcategories or log IDs included in “User Activity Events”, describing their purpose and content?

(attached image: fortigate.jpg)
And more importantly:
Is it possible to apply filters directly on FortiGate (e.g., using CLI) to export only specific subcategories within a log group?

Any example or reference would be greatly appreciated.

smkml
Staff

config log syslogd filter
set filter "logid(xxx)"
end


Or refer to the KB below for a comprehensive explanation or the free-style method.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-In-log-filter-settings-the-logic-is-AND-be...


Giovanna
New Contributor III

Hi, is there maybe a command to use in order not to share the selected logs and share all the others, something like:

config log syslogd filter
set filter not "logid(xxx)"
end

? Many Thanks!


funkylicious

https://docs.fortinet.com/document/fortigate/6.4.16/cli-reference/273422104/config-log-syslogd-filte... , set filter-type exclude I think is what you need.

"jack of all trades, master of none"
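Before committing an include or exclude logid filter on the FortiGate, it helps to see which lines such a filter would actually forward. The following is an added Python example, not code from this thread or from Fortinet: the log lines are constructed in FortiGate's key=value syslog format, and the logid values, the 10-digit logid layout with the message ID in the last five digits, and the include/exclude semantics are assumptions to confirm against the FortiOS Log Reference for your firmware.

```python
import re

# Constructed sample lines in FortiGate key=value syslog format (not real
# device output). The logid values are illustrative, not verified IDs.
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:01 devname="FGT-EDGE" logid="0100032001" type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" ui="https(10.0.0.5)"',
    'date=2024-05-01 time=10:00:07 devname="FGT-EDGE" logid="0100032002" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(10.0.0.9)"',
    'date=2024-05-01 time=10:00:09 devname="FGT-EDGE" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=10.0.0.5 dstip=198.51.100.7 action="accept"',
    'date=2024-05-01 time=10:00:12 devname="FGT-EDGE" logid="0102043008" type="event" subtype="user" level="notice" logdesc="Authentication success" user="alice"',
]

# key=value pairs; values are either a double-quoted string (spaces and
# escaped quotes allowed) or a bare token without whitespace.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_line(line):
    """Parse one FortiGate syslog line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def message_id(fields):
    """Assumption: the logid field is 10 digits and its trailing five digits are
    the message ID that the CLI logid(...) filter matches, e.g. 0100032001 -> 32001."""
    return int(fields["logid"][-5:])


def apply_logid_filter(lines, ids, filter_type="include"):
    """Mimic `config log syslogd filter` with `set filter "logid(...)"`.

    filter_type "include" forwards only the listed message IDs; "exclude"
    (the `set filter-type exclude` option mentioned in the last reply)
    forwards everything except them. Lines without a logid field are dropped
    in both modes, since an ID-based filter cannot match them.
    """
    if filter_type not in ("include", "exclude"):
        raise ValueError("filter_type must be 'include' or 'exclude'")
    wanted = set(ids)
    forwarded = []
    for line in lines:
        fields = parse_fortigate_line(line)
        if "logid" not in fields:
            continue
        matched = message_id(fields) in wanted
        if matched == (filter_type == "include"):
            forwarded.append(fields)
    return forwarded
```

Running `apply_logid_filter(SAMPLE_LOGS, [32001, 32002])` keeps only the two constructed admin-login lines, while the same IDs with `filter_type="exclude"` forward the other two lines instead.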