Audit web facing administration interfaces. By default, FortiGate logs all deny actions. You can check these actions by going to Log & Report > System Events. This default behavior should not be changed. Also secure log files in a central location such as FortiCloud and configure alert email which provides an efficient and direct method of notifying an administrator of events. You can configure log settings by going to Log & Report > Log Settings.
An auditing schedule should be established to routinely inspect logs for signs of intrusion and probing.