So just to be clear, the only logs you want to send are those with a certain event level or a certain IPS level or ID 13 for traffic?
I do not have access to a FGT running FOS 6.2.X. The docs for 6.4 seem to imply it might be possible to use "AND" and "OR" operators in the filters. It's used in the free-style filter for already-captured logs but I wonder if you can do it for the other filter too.
Thanks @gfleming. There seems to be a high degree of ambiguity in Fortinet's configuration and documentation of log filters. I would love to see them clear that up, because the solution to my question still isn't clear.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.