Logging and reporting

Welcome and thank you for selecting Fortinet products for your network protection. This document provides detailed information that explains how to take advantage of your FortiGate’s ability to log and report activity, whether you need to monitor network stability, log traffic offsite for security reasons, provide bandwidth usage reports, or one of many other possible functions.

Logging is an integral component of the FortiGate system. Logging allows you to view the activity and status of the traffic passing through your network, and monitor for anomalies.

If you notice problems with this document, or have suggestions for improvements, send an email about them to Fortinet Technical Document at techdoc@fortinet.com.

Note

Performance statistics are not logged to disk. Performance statistics can be received by a syslog server or by FortiAnalyzer.

Before you begin

Before you begin using this guide, please ensure that:

  • You have administrative access to the web-based manager and/or CLI.
  • The FortiGate unit is integrated into your network.
  • The operation mode has been configured.
  • The system time, DNS settings, administrator password, and network interfaces have been configured.
  • Firmware, FortiGuard Antivirus and FortiGuard Antispam updates are completed.

While using the instructions in this guide, note that administrators are assumed to be super_admin administrators unless otherwise specified. Some restrictions will apply to other administrators.

How this guide is organized

This document contains information about how to find the right log device for your logging requirements, how to enable and configure logging to that device, and a detailed explanation of each log type's log messages.

This FortiOS Handbook chapter contains the following sections:

Logging and reporting overview provides general information about logging. We recommend that you begin with this chapter, as it contains information for both beginners and advanced users. It contains an explanation of log messages, files, and devices, and an overview of the Reporting functions.

Logging and reporting for small networks provides an overview of setting up a small network for logging, with a look at a possible setup with a backup solution and a customized report.

Logging and reporting for large networks provides an overview of setting up a larger, enterprise-level network, with configuration of multiple FortiGate units, multiple FortiAnalyzer units as a backup solution, and a sample procedure for creating a more intensive and broad report to suit the larger network.

Advanced logging provides a series of separate tutorials for possible tasks and procedures an advanced user may want to undertake with their FortiGate-powered network. It contains explanations of advanced backup, logging, and report solutions.

Troubleshooting and logging provides a short overview of how log messages can be used to identify and solve problems within the network, how to identify and solve logging database issues, and how to solve connection issues between FortiGate and FortiAnalyzer units.