Fortinet black logo

Administration Guide

Log access

Log access

To view the log events table, go to Logging > Log Access > Logs.

The following options and information are available:

Refresh Refresh the log list.
Download Raw Log Export the FortiAuthenticator log to your computer as a text file named FortiAuthenticator.log.
Log Type Reference Select to view the log type reference dialog box. See Log type reference.
Debug Report

Select to download the debug report to your computer as a file named report.dbg.

You can also download a full debug report for one of the following (using the dropdown menu):

  • Authentication
  • Database
  • GUI
  • LDAP Sync
  • RADIUS Accounting
  • SSO
  • System
  • Custom debug
  • Push Authentication
Search for log records

Enter a search term in the search field to search the log message list.

The search string must appear in the Message portion of the log entry to result in a match. To prevent each term in a phrase from matching separately, multiple keywords must be in quotes and be an exact match.

After the search is complete the number of positive matches is displayed next to the Search button, with the total number of log entries in brackets following. Select the total number of log entries to return to the full list. Subsequent searches will search all the log entries, and not just the previous search’s results.

ID The log message’s ID.
Timestamp The time the message was received.
Level

The log severity level:

  • Emergency: The system has become unstable.
  • Alert: Immediate action is required.
  • Critical: Functionality is affected.
  • Error: An erroneous condition exists, and functionality is probably affected.
  • Warning: Functionality could be affected.
  • Notification: Information about normal events.
  • Information: General information about system operations.
  • Debug: Detailed information useful for debugging purposes.
Category The log category, which is always Event. See Log type reference.
Sub category The log subcategory. See Log type reference.
Type id The log type ID.
Action The action which created the log message, if applicable.
Status The status of the action that created the log message, if applicable.
Source IP The source IP address of the relevant device if an authentication action fails.
Short message The log message itself, sometimes slightly shortened.
User The user to whom the log message pertains.
To view log details:

From the log list, select the log whose details you need to view by clicking anywhere within the log’s row. The Log Details pane will open on the right side of the window.

After viewing the log details, select the close icon in the top right corner of the pane to close the details pane.

Log type reference

Select Log Type Reference in the log list toolbar to open the log type reference dialog box.

The following information and options are available:

Search for log types Enter a search term in the search field to search the log type reference.
Type id The log type ID.
Name The name of the log type.
Sub category The log type subcategory, one of: Admin Configuration, Authentication, System, High Availability, User Portal, or Web Service.
Category The log type category, which is always Event.
Description A brief description of the log type.

To close the Log Type Reference dialog box, select close above the top right corner of the box, or simply click anywhere outside the box within the log list.

Sort the log messages

The log message table can be sorted by any column. To sort the log entries by a particular column, select the title for that column. The log entries will now be displayed based on data in that column in ascending order. Select the column heading again to sort the entries in descending order. Ascending or descending is displayed with an arrow next to the column title, an up arrow for ascending and down arrow for descending.

Log access

To view the log events table, go to Logging > Log Access > Logs.

The following options and information are available:

Refresh Refresh the log list.
Download Raw Log Export the FortiAuthenticator log to your computer as a text file named FortiAuthenticator.log.
Log Type Reference Select to view the log type reference dialog box. See Log type reference.
Debug Report

Select to download the debug report to your computer as a file named report.dbg.

You can also download a full debug report for one of the following (using the dropdown menu):

  • Authentication
  • Database
  • GUI
  • LDAP Sync
  • RADIUS Accounting
  • SSO
  • System
  • Custom debug
  • Push Authentication
Search for log records

Enter a search term in the search field to search the log message list.

The search string must appear in the Message portion of the log entry to result in a match. To prevent each term in a phrase from matching separately, multiple keywords must be in quotes and be an exact match.

After the search is complete the number of positive matches is displayed next to the Search button, with the total number of log entries in brackets following. Select the total number of log entries to return to the full list. Subsequent searches will search all the log entries, and not just the previous search’s results.

ID The log message’s ID.
Timestamp The time the message was received.
Level

The log severity level:

  • Emergency: The system has become unstable.
  • Alert: Immediate action is required.
  • Critical: Functionality is affected.
  • Error: An erroneous condition exists, and functionality is probably affected.
  • Warning: Functionality could be affected.
  • Notification: Information about normal events.
  • Information: General information about system operations.
  • Debug: Detailed information useful for debugging purposes.
Category The log category, which is always Event. See Log type reference.
Sub category The log subcategory. See Log type reference.
Type id The log type ID.
Action The action which created the log message, if applicable.
Status The status of the action that created the log message, if applicable.
Source IP The source IP address of the relevant device if an authentication action fails.
Short message The log message itself, sometimes slightly shortened.
User The user to whom the log message pertains.
To view log details:

From the log list, select the log whose details you need to view by clicking anywhere within the log’s row. The Log Details pane will open on the right side of the window.

After viewing the log details, select the close icon in the top right corner of the pane to close the details pane.

Log type reference

Select Log Type Reference in the log list toolbar to open the log type reference dialog box.

The following information and options are available:

Search for log types Enter a search term in the search field to search the log type reference.
Type id The log type ID.
Name The name of the log type.
Sub category The log type subcategory, one of: Admin Configuration, Authentication, System, High Availability, User Portal, or Web Service.
Category The log type category, which is always Event.
Description A brief description of the log type.

To close the Log Type Reference dialog box, select close above the top right corner of the box, or simply click anywhere outside the box within the log list.

Sort the log messages

The log message table can be sorted by any column. To sort the log entries by a particular column, select the title for that column. The log entries will now be displayed based on data in that column in ascending order. Select the column heading again to sort the entries in descending order. Ascending or descending is displayed with an arrow next to the column title, an up arrow for ascending and down arrow for descending.