This is a quick post on how to export logs from a FortiGate to FTP server. On FortiGates running FortiOS 5.6 and above, one can easily transfer all logs from memory to an FTP server.

How about secure copy, Fortinet?

This is useful if you don’t have access to a syslog server or would like to review them on a server rather than FortiOS. Use the command below to transfer all the logs

execute backup memory alllogs ftp 192.168.1.2 ftpuser ftppassword 
tlog memory log is empty.
Please wait...

Connect to ftp server 192.168.1.2 ...
Sent log file _elog.mlog to ftp server as mem_elog_FGTSERIALNUMBER_root_20180418_214705_mlog OK.
vlog memory log is empty.
wlog memory log is empty.
alog memory log is empty.
slog memory log is empty.
mlog memory log is empty.
plog memory log is empty.
dlog memory log is empty.
rlog memory log is empty.
flog memory log is empty.
olog memory log is empty.

For devices with a disk, replace the memory with disk

execute backup disk alllogs ftp

For FortiGates with a disk, you can specify the type of logs you want to export to FTP server as well.

E.g.:

execute backup disk alllogs ftp

where logtype could be one of the following

traffic, event, virus, webfilter, ips, emailfilter, anomaly, voip, dlp, app-ctrl, waf, dns
print