Logs
Logs offers more detailed log information, access to individual log data, and downloadable log files. You can select a category of logs to view from the list on the left.
You can select a time period to view data for:
l Last 60 minutes l Last 24 hours l Last 7 days l Last 30 days l Specified time period
You can set the chart’s refresh rate by selecting the Change Refresh Period icon. By using the Add Filter dropdown list, you can filter the log list by various factors. Selecting Column Setting allows you to customize the default log view. By selecting Log Files, you can see the raw log data files and manually download them. The box in the lower right allows you to move through pages of log data by clicking the arrows or entering a page number.
You can download various types of raw logs from FortiGate Cloud. The log filename format is as follows:
<FortiGate serial number>_<log type>_<beginning of log date range>-<time of first log>-<end of log date range>-<time of last log>.log.gz
The log filename format uses a shortened identifier for each log type:
| Log type | Identifier | ||
| Traffic | tlog | ||
| Web Filter | wlog | ||
| Application Control | rlog | ||
| AntiSpam | slog | ||
| AntiVirus | vlog | ||
| Log type | Identifier | ||
| DLP | dlog | ||
| Attack | alog | ||
| Anomaly | mlog | ||
| DNS | olog | ||
| Event (including all subtypes) | elog | ||
For example, consider an Application Control log that is generated for the period between October 23, 2019 and November 2, 2019 for a FortiGate with the serial number “FGT123”. The first log in the file has a timestamp of 6:09 PM, while the last log in the file has a timestamp of 9:32 AM. The log file name is as follows: FGT123_rlog_20191023-1809-20191101-0932.log.gz