Can you try sending that log data to a different facility than the Fortigate Firewalls and turning the level up to debug? That should show data pretty quickly.
Alternatively, when you're in checklogs, you can type a / and then the IP of the Mail system to see if that IP appears in the checklogs.
Thanks for the quick response.
I had previously tried changing the facility level to local2 and the severity level was already at the lowest level, Information (FortiMail does not have a debug level). Nothing ever showed up in the : Syslog local2 Log (Empty).
I searched for the IP address in the FortiGate log file and found nothing.
As long as the nDepth port in LEM and the port configured in FortiMail are the same, I should be ok, right? There is no specific port that needs to be used, is there?