Logs, reports and alerts
The Log and Report menu lets you configure logging, reports, and alert email.
FortiMail units provide extensive logging capabilities for virus incidents, spam incidents and system events. Detailed log information and reports provide analysis of network activity to help you identify security issues and reduce network misuse and abuse.
Logs are useful when diagnosing problems or when you want to track actions the FortiMail unit performs as it receives and processes traffic.
This section includes:
- About FortiMail logging
- Configuring logging
- Configuring report profiles and generating reports
- Configuring alert email
- Viewing log messages
- Viewing generated reports
About FortiMail logging
FortiMail units can log many different email activities and traffic including:
- system-related events, such as system restarts and HA activity
- virus detections
- spam filtering results
- POP3, SMTP, IMAP and webmail events
You can select which severity level an activity or event must meet in order to be recorded in the logs. For more information, see “Log message severity levels” on page 668.
A FortiMail unit can save log messages to its hard disk or a remote location, such as a Syslog server or a Fortinet FortiAnalyzer unit. For more information, see “Configuring logging” on page 671. It can also use log messages as the basis for reports. For more information, see “Configuring report profiles and generating reports” on page 676.
Accessing FortiMail log messages
There are several ways you can access FortiMail log messages:
- On the FortiMail web UI, you can view log messages by going to Monitor > Log. For details, see the FortiMail Administration Guide.
- On the FortiMail web UI, under Monitor > Log, you can download log messages to your local PC and view them later.
- You can send log messages to a FortiAnalyzer unit by going to Log and Report > Log Settings > Remote Log Settings, and then view them on the FortiAnalyzer unit.
- You can send log messages to any Syslog server by going to Log and Report > Log Settings > Remote Log Settings.
How long do the logs last in the FortiMail?
Depends on a wide variety of things. Amount of logs being generated, amount of storage on the device, etc…
In FortiGate logs, we have the field logid=0315012546, where the last digits of this field, i.e. ‘012546’, are referred to as the message ID, and it helps in understanding the logs in detail.
Does such a thing apply to the log_id field of FortiMail as well?
I am almost exclusively using session ID log quantifiers now to review FortiMail logs.
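Reviewing downloaded or syslog-forwarded log lines by session ID, as the last comment describes, can be scripted. The following is an added example, not Fortinet's code or part of the original page; the sample lines are constructed, and the key=value layout and the field names (session_id, type, pri, msg) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines, deliberately out of time order. The key=value
# layout and field names (session_id, type, pri, msg) are assumptions.
SAMPLE_LOG = """\
date=2024-01-10 time=09:15:04 log_id=0000000003 type=virus pri=warning session_id="S-A1" msg="attachment flagged, message quarantined"
date=2024-01-10 time=09:15:02 log_id=0000000001 type=event pri=information session_id="S-A1" msg="connection accepted"
date=2024-01-10 time=09:15:03 log_id=0000000002 type=spam pri=information session_id="S-B2" msg="message scored as spam"
date=2024-01-10 time=09:15:05 log_id=0000000004 type=event pri=notification msg="configuration changed"
"""

# A field is key="quoted value" or key=bare_token.
PAIR_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def parse_line(line):
    """Turn one log line into a dict of its fields."""
    fields = {}
    for match in PAIR_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def group_by_session(text):
    """Group records by session_id, each group ordered by date and time."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            record = parse_line(line)
            # Records without a session (e.g. admin events) get their own bucket.
            sessions[record.get("session_id") or "(no session)"].append(record)
    for records in sessions.values():
        records.sort(key=lambda r: (r.get("date", ""), r.get("time", "")))
    return dict(sessions)


def timeline(records):
    """One readable line per record: time, type, severity, message."""
    return ["{time} {type}/{pri}: {msg}".format(
        time=r.get("time", "?"), type=r.get("type", "?"),
        pri=r.get("pri", "?"), msg=r.get("msg", "")) for r in records]


if __name__ == "__main__":
    for sid, records in group_by_session(SAMPLE_LOG).items():
        print(sid)
        for entry in timeline(records):
            print("   ", entry)
```

Grouping this way puts the system event, spam result and virus detection for one message on a single timeline instead of scattered across log types.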