System monitoring : Logging : Viewing log messages
 
Viewing log messages
You can use the web UI to view and download locally stored log messages. (You cannot use the web UI to view log messages that are stored remotely on Syslog or FortiAnalyzer devices.) Log messages are in human-readable format, where each log field’s name, such as Message (msg field when viewing a raw, downloaded log file), indicates its contents.
To view log messages
1. Go to either Monitor > Log Viewer > Event (to view event logs about the appliance itself) or Monitor > Log Viewer  > Camera (to view logs about connected cameras).
Columns and appearance varies slightly by the log type.
Initially, the page displays a list of log files of that type.
2. Double-click the row of a log file to view the log messages that it contains.
Table 11: Monitor > Video Monitor > Event (viewing the contents of a log file)
Setting name
Description
Level
Select a severity level to hide log messages that are below this threshold (see “Log severity levels”).
Subtype
Select a subcategory (corresponding to the Subtype column) to hide log messages whose subtype field does not match.
Go to line
Type the index number of the log message (corresponding to the # column) that you want to jump to in the display.
Search
Click to find log messages matching specific criteria (see “Searching logs”).
Back
Click to return to the list of log files stored on FortiRecorder’s hard drive.
Save View
Click to keep your current log view settings for subsequent views and sessions (see “Displaying & sorting log columns & rows”).
#
The index number of the log message within the log file, not the order of rows in the web UI.
By default, the rows are sorted by timestamp in descending order, the same as they are within the log file, so the rows are in sequential order, starting with the most recent log message, number 1, in the top row. If you change the row sorting criteria (see “Displaying & sorting log columns & rows”), these index numbers won’t be in the same order as the rows.
For example, when sorting by the Message column’s contents, the index numbers of the first 3 rows could be 14, 15, 9.
Note: In the current log file, each log’s index number changes as new log messages are added, pushing older logs further down the stack. To find the same log message later, remember its timestamp and Message, not its #.
Date
The date on which the log message was recorded.
When in raw format, this is the log’s date field.
Time
The time at which the log message was recorded.
When in raw format, this is the log’s time field.
Subtype
The category of the log message, such as admin for events such as authentication or configuration changes, or system for events such as disk consumption or connection failures.
When in raw format, this is the log’s subtype field.
Log ID
A dynamic log identifier within the system, not predictable, indicative of the cause nor necessarily a unique identifier.
When in raw format, this is the log’s log_id field.
Message
The log message that describes the specific occurrence of a recordable event.
For example, all logout events follow a format similar to User admin logout from GUI(172.16.1.5). but the exact message varies if the account name, connection method, and IP address are different.
When in raw format, this is the log’s msg field.
3. To return to the list of log files, click the Back button.
See also
Displaying & sorting log columns & rows
Searching logs