Administration Guide

Event Log

The Event Log pane provides an audit log of actions made by users on FortiAnalyzer. It allows you to view log messages that are stored in memory or on the internal hard disk drive. You can use filters to search the messages and download the messages to the management computer.

See the FortiAnalyzer Log Message Reference, available from the Fortinet Document Library, for more information about the log messages.

Go to System Settings > Event Log to view the local log list.

The following options are available:

Add Filter

Filter the event log list based on the log level, user, sub type, or message. See Event log filtering.

Download

Download the event logs in either CSV or the normal format to the management computer.

Raw Log / Formatted Log

Click on Raw Log to view the logs in their raw state.

Click Formatted Log to view them formatted into a table.

Historical Log

Click to view the historical logs list.

Back

Click the back icon to return to the regular view from the historical view.

View

View the selected log file. This option is also available from the right-click menu, or by double-clicking on the log file.

This option is only available when viewing historical event logs.

Delete

Delete the selected log file. This option is also available from the right-click menu.

This option is only available when viewing historical event logs.

Clear

Clear the selected file of logs. This option is also available from the right-click menu.

This option is only available when viewing historical event logs.

Type

Select the type from the dropdown list:

  • Event Log
  • FDS Upload Log: Select the device from the dropdown list.
  • FDS Download Log: Select the service (FDS or FCT) from the Service dropdown list, select the event type (All Event, Push Update, Poll Update, or Manual Update) from the Event dropdown list, and then click Go to browse the logs.

This option is only available when viewing historical logs.

Search

Enter a search term to search the historical logs.

This option is only available when viewing historical event logs.

Pagination

Browse the pages of logs and adjust the number of logs that are shown per page.

The following information is shown:

#

The log number.

Date Time

The date and time that the log file was generated.

Level

The log level:

  • Debug
  • Error
  • Information
  • Critical
  • Notification
  • Alert
  • Warning
  • Emergency

User

The user that the log message relates to.

Sub Type

The log sub-type:

  • System manager event
  • HA event
  • FG-FM protocol event
  • Firmware manager event
  • Device configuration event
  • FortiGuard service event
  • Global database event
  • FortiClient manager event
  • Script manager event
  • FortiMail manager event
  • Web portal event
  • Debug I/O log event
  • Firewall objects event
  • Configuration change event
  • Policy console event
  • Device manager event
  • VPN console event
  • Web service event
  • Endpoint manager event
  • FortiAnalyzer event
  • Revision history event
  • Log daemon event
  • Deployment manager event
  • FIPS-CC event
  • Real-time monitor event
  • Managed devices event
  • Log and report manager event

Description

A description of the event.

Message

Log message details.
