Fortinet Document Library

Version: 21.1.0

Logview

Logview offers more detailed log information, access to individual log data, and downloadable log files. You can select a category of logs to view from the list on the left.

You can select one of the following time periods to view data for. Log data older than seven days is available only for devices that have a FortiGate Cloud subscription. For devices with a free subscription, FortiGate Cloud grays out any dates beyond a seven-day period:

  • Last 60 minutes
  • Last 24 hours
  • Last 7 days
  • Last 30 days
  • Specified time period

The Time column displays the raw log time, which may not correspond to the display time zone that you configured for FortiGate Cloud. To convert the raw log time to the FortiGate Cloud display time zone, add or subtract the time offset provided in the Time column. In the example above, log 1 was recorded at 03:10:56. The (-0700) in the Time column shows the time difference between the raw log time and Greenwich Mean Time (GMT). Because the display time zone in the example is the same as GMT, you can conclude that log 1 was recorded at 10:10:56 (03:10:56 + 07:00:00) in the display time zone.
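When correlating Logview entries with other sources during an investigation, the same conversion can be scripted. The following is an added example, not Fortinet code: the cell layout `YYYY-MM-DD HH:MM:SS (±HHMM)` and the function name `to_display_time` are assumptions, and the sample dates are constructed. It also covers the case where applying the offset crosses midnight.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed Time cell layout: "YYYY-MM-DD HH:MM:SS (+-HHMM)".
_CELL = re.compile(
    r"([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}) "
    r"\(([+-])([0-9]{2})([0-9]{2})\)")

def to_display_time(cell: str, display_offset_minutes: int = 0) -> datetime:
    """Convert a raw log time plus its offset to the display time zone.

    display_offset_minutes is the display zone's offset from GMT
    (0 for GMT, as in the page's example).
    """
    m = _CELL.fullmatch(cell.strip())
    if not m:
        raise ValueError(f"unexpected Time cell: {cell!r}")
    stamp, sign, hh, mm = m.groups()
    offset = timedelta(hours=int(hh), minutes=int(mm))
    if sign == "-":
        offset = -offset
    # Attach the offset to the raw time, then let datetime do the arithmetic,
    # including any date rollover.
    raw = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(
        tzinfo=timezone(offset))
    display = timezone(timedelta(minutes=display_offset_minutes))
    return raw.astimezone(display)

if __name__ == "__main__":
    # The page's example: 03:10:56 (-0700) shown in a GMT display zone.
    print(to_display_time("2020-06-18 03:10:56 (-0700)"))
    # Constructed case: the conversion lands on the next calendar day.
    print(to_display_time("2020-06-18 20:30:00 (-0700)"))
```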

You can set the chart's refresh rate by selecting the Change Refresh Period icon. By using the Add Filter dropdown list, you can filter the log list by various factors. Selecting Column Setting allows you to customize the default log view. By selecting Log Files, you can see the raw log data files and manually download them. The box in the lower right allows you to move through pages of log data by clicking the arrows or entering a page number.

To download logs:
  1. In Analysis > Logview, go to the desired log in the left navigation pane.
  2. Click Log Files in the upper right corner.
  3. Select the checkboxes for the desired logs. You can download up to five log files at once.
  4. Click the Download button. A .gz archive file containing the logs that you selected in step 3 is downloaded.

You can download various types of raw logs from FortiGate Cloud. The log filename format is as follows:

<log type>_MultiLogs_<download timestamp>.gz

For example, for a traffic log, the filename would be tlog_MultiLogs_1592503586.gz.

The log filename format uses a shortened identifier for each log type:

Log type                          Identifier
Anomaly                           mlog
AntiSpam                          slog
AntiVirus                         vlog
Application Control               rlog
Attack                            alog
CIFS                              ilog
Content                           clog
DLP                               dlog
DNS                               olog
Event (including all subtypes)    elog
File filter                       fflog
GTP                               glog
Netscan                           nscan
SSH/SSL                           hlog
Traffic                           tlog
VOIP                              plog
Web Application Firewall (WAF)    flog
Web Filter                        wlog

For example, consider an Application Control log that is generated for the period between October 23, 2019 and November 2, 2019 for a FortiGate with the serial number "FGT123". The first log in the file has a timestamp of 6:09 PM, while the last log in the file has a timestamp of 9:32 AM. The log file name is as follows:

FGT123_rlog_20191023-1809-20191101-0932.log.gz
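A log-ingestion or evidence-handling script can validate downloaded file names against these formats before processing them. The following is an added example, not Fortinet code: `parse_log_filename` is a hypothetical helper, the per-device pattern is inferred from the single example above, and reading the download timestamp as Unix epoch seconds is an assumption.

```python
import re
from datetime import datetime, timezone

# Identifier -> log type, copied from the table on this page.
LOG_TYPES = {
    "mlog": "Anomaly", "slog": "AntiSpam", "vlog": "AntiVirus",
    "rlog": "Application Control", "alog": "Attack", "ilog": "CIFS",
    "clog": "Content", "dlog": "DLP", "olog": "DNS", "elog": "Event",
    "fflog": "File filter", "glog": "GTP", "nscan": "Netscan",
    "hlog": "SSH/SSL", "tlog": "Traffic", "plog": "VOIP",
    "flog": "Web Application Firewall (WAF)", "wlog": "Web Filter",
}

# <log type>_MultiLogs_<download timestamp>.gz (format stated on the page).
MULTI_RE = re.compile(r"([a-z]+)_MultiLogs_([0-9]{1,10})\.gz")
# Assumption: per-device layout inferred from the page's single example.
DEVICE_RE = re.compile(
    r"([A-Za-z0-9]+)_([a-z]+)_([0-9]{8}-[0-9]{4})-([0-9]{8}-[0-9]{4})\.log\.gz")

def parse_log_filename(name: str) -> dict:
    """Validate a downloaded log file name and return its fields."""
    if m := MULTI_RE.fullmatch(name):
        ident, stamp = m.groups()
        # Assumption: the download timestamp is Unix epoch seconds.
        info = {"kind": "multi",
                "downloaded": datetime.fromtimestamp(int(stamp), tz=timezone.utc)}
    elif m := DEVICE_RE.fullmatch(name):
        serial, ident, first, last = m.groups()
        fmt = "%Y%m%d-%H%M"  # strptime rejects impossible dates and times
        info = {"kind": "device", "serial": serial,
                "first": datetime.strptime(first, fmt),
                "last": datetime.strptime(last, fmt)}
        if info["last"] < info["first"]:
            raise ValueError(f"end precedes start: {name!r}")
    else:
        # Also rejects path separators and unexpected extensions.
        raise ValueError(f"unrecognized log file name: {name!r}")
    if ident not in LOG_TYPES:
        raise ValueError(f"unknown log type identifier: {ident!r}")
    info["identifier"], info["log_type"] = ident, LOG_TYPES[ident]
    return info

if __name__ == "__main__":
    for sample in ("tlog_MultiLogs_1592503586.gz",
                   "FGT123_rlog_20191023-1809-20191101-0932.log.gz"):
        print(parse_log_filename(sample))
```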
