System Settings : Event log
 
Event log
The logs created by FortiManager are viewable within the Web-based Manager. You can use the FortiManager Log Message Reference, available from the Fortinet Document Library to interpret the messages. You can view log messages in the FortiManager Web-based Manager that are stored in memory or on the internal hard disk.
To view the log messages:
1. Go to System Settings > Event Log.
The event log window opens.
Figure 60: Event log table
The following information is displayed:
Column Settings
Select Column Settings to open the Column Settings window and adjust the column settings for the list.
Historical Log
Select Historical Log to view historical event logs. You can view select Event Log, FDS Upload Log, or FDS Download Log from the drop-down menu. You can select to clear or view logs.
The following columns are displayed: File Name, Size, and Last Access Time.
Download
Select Download to download a file containing the logs in either CSV or the normal format. Select OK to save the file to your management computer.
Raw Log
Select the Raw Log/Formatted Table button to toggle log message view. Raw logs are displayed in the following format:
2013-10-17 14:26:01 log_id=0001013001 type=event
subtype=fgfm pri=warning adom=n/a user=fgfm msg="fgfm connection to
device FG300B3907600039 is down"
Refresh
Select Refresh to refresh the displayed logs.
#
The event log entry identifier.
Date
The date that the log was generated. You can select the filter icon to select a specific date range to view specific log entries. Select [Clear All Filters] to clear all filters that have been configured.
Format: YYYY-MM-DD
Time
The time that the log was generated. You can select the filter icon to select a specific time range to view specific log entries. Select [Clear All Filters] to clear all filters that have been configured.
Format: HH:MM:SS
Level
The logging level of the log generated. You can select the filter icon to select a logging level or range to view specific log entries. Select [Clear All Filters] to clear all filters that have been configured.
The logging levels are Emergency, Alert, Critical, Error, Warning, Notice, Information, and Debug.
User
The user associated with the log generated. You can select the filter icon to enable specific event types. Select [Clear All Filters] to clear all filters that have been configured.
Sub Type
The logging subtype of the log generated. You can select the filter icon to select a logging level or range to view specific log entries. Select [Clear All Filters] to clear all filters that have been configured.
The logging subtypes are System manager event, FG-FM protocol event, Device configuration event, Global database event, Script manager event, Web portal event, Firewall objects event, Policy console event, VPN console event, Endpoint manager event, Revision history event, Deployment manager event, HA event, Firmware manager event, FortiGuard service event, FortiClient manager event, FortiMail manager event, Debug I/O log event, Configuration change event, Device manager event, and Web service event.
Message
The log event message.
Page Navigation
Browse pages in the event log page. You can select the number of log entries to display from the drop-down menu.
2. Select the filter symbol in the heading of any of the table columns to open the Filter Settings window.
Figure 61: Filter settings window
3. Adjust the filter settings as needed, then select Apply to apply the filter to the table.
4. Select Clear Filter from the event log table view to remove any applied filters.