This article explains why some expected memory logs may not be seen in FortiGate/FortiWifi running FortiOS 5.2 and higher.
From firmware 5.2 onward the default severity for memory logging is set to warning to reduce the amount of logs written to memory by default.
By default from 5.2 onward, memory logging only shows logs with level warning or higher. Logs lower than warning are not stored in memory.
To change this and ensure all logs are stored in memory when generated, the following configuration needs to be done via CLI:
#config log memory filter
set severity information
Once the change has been made, it can be verified via CLI to check that the severity setting has been set to information:
#get log memory filter
severity : information
forward-traffic : enable
local-traffic : disable
multicast-traffic : enable
sniffer-traffic : enable
anomaly : enable
netscan-discovery : enable
voip : enable
With this change, all new logs from that point should be visible in memory.