Configuring the Syslog filter on a FortiGate firewall
Reference URL :
Test
Log Example:
SSH login
Jun 28 14:06:00 192.168.100.254 date=2025-06-28 time=14:06:00 devname="Test-FW" devid="FGVMEXXXXXXXXXXX" eventtime=1751090760672765479 tz="+0800" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="1751090760" user="admin" ui="ssh(192.168.100.112)" method="ssh" srcip=192.168.100.112 dstip=192.168.100.254 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from ssh(192.168.100.112)"
Web login
Jun 28 14:07:10 192.168.100.254 date=2025-06-28 time=14:07:09 devname="Test-FW" devid="FGVMEXXXXXXXXXXX" eventtime=1751090829377377416 tz="+0800" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="1751090829" user="admin" ui="http(192.168.100.112)" method="http" srcip=192.168.100.112 dstip=192.168.100.254 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from http(192.168.100.112)"
=======================================================
Configuration change over SSH
Jun 28 13:48:30 192.168.100.254 date=2025-06-28 time=13:48:30 devname="Test-FW01" devid="FGVMEXXXXXXXXXXX" eventtime=1751089710571156282 tz="+0800" logid="0100032102" type="event" subtype="system" level="alert" vd="root" logdesc="Configuration changed" user="admin" ui="ssh(192.168.100.112)" msg="Configuration is changed in the admin session"
Configuration change from the web GUI
Jun 28 13:58:07 192.168.100.254 date=2025-06-28 time=13:58:07 devname="Test-FW" devid="FGVMEXXXXXXXXXXX" eventtime=1751090286557611095 tz="+0800" logid="0100032222" type="event" subtype="system" level="notice" vd="root" logdesc="Global setting changed" user="admin" ui="GUI(192.168.100.112)" field="hostname" old_value="Test-FW01" new_value="Test-FW" msg="User admin changed hostname global setting to Test-FW from GUI(192.168.100.112)"
==================================================
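Added example (not part of the original notes): a small Python parser that reads the key=value fields of log lines like the ones above and reduces admin logins and configuration changes to who, from where, over which interface and what changed. The logid values come from the samples on this page; the category names, the function names and the shortened sample lines are assumptions made for the example.

```python
import re

# key=value pairs; a value is either double-quoted or a bare token
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# ui field as it appears in the samples: ssh(ip), http(ip), GUI(ip)
UI_RE = re.compile(r'^(\w+)\(([^)]*)\)$')

# logid values taken from the page's samples; category names are hypothetical
CATEGORIES = {
    "0100032001": "admin_login",
    "0100032102": "config_change",
    "0100032222": "config_change",
}

def parse_fields(line):
    """Return the key=value pairs of one FortiGate syslog line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}

def summarize(line):
    """Reduce an admin-activity event to its review fields, or None if unrelated."""
    f = parse_fields(line)
    category = CATEGORIES.get(f.get("logid"))
    if category is None:
        return None
    ui = UI_RE.match(f.get("ui", ""))
    return {
        "when": f"{f.get('date')} {f.get('time')} {f.get('tz')}",
        "device": f.get("devname"),
        "category": category,
        "user": f.get("user"),
        "via": ui.group(1).lower() if ui else None,
        "source": ui.group(2) if ui else None,
        # field/old_value/new_value are only present on setting-change events
        "change": (f.get("field"), f.get("old_value"), f.get("new_value"))
                  if "field" in f else None,
    }

# Constructed samples: shortened copies of the page's lines plus one unrelated line
SAMPLES = [
    'Jun 28 14:06:00 192.168.100.254 date=2025-06-28 time=14:06:00 devname="Test-FW" tz="+0800" logid="0100032001" logdesc="Admin login successful" user="admin" ui="ssh(192.168.100.112)" srcip=192.168.100.112 status="success"',
    'Jun 28 13:58:07 192.168.100.254 date=2025-06-28 time=13:58:07 devname="Test-FW" tz="+0800" logid="0100032222" logdesc="Global setting changed" user="admin" ui="GUI(192.168.100.112)" field="hostname" old_value="Test-FW01" new_value="Test-FW"',
    'Jun 28 14:00:00 192.168.100.254 date=2025-06-28 time=14:00:00 devname="Test-FW" logid="0000000000" type="traffic"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(summarize(sample))
```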