Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: Need to understand nDepth,correlation,events,filter and alerts


Okay, here we go:
1) This is probably going to be something to do with what auditing and logging you have the firewall set to collect, and what it does with that collection.  The LEM collects logs passively, so if you're not sending the LEM user audit logs, it's not going to see them.  You're probably going to have to check out Fortinet's docs to make sure your configuration is right for collecting and sending that information.
2) It sounds like you might benefit from checking out some of the LEM training materials, and seeing if that helps with the task at hand.  There's a wealth of stuff here: Log & Event Manager (LEM) - Updated July 15, 2014. You may also want to check out the LEM video playlist on YouTube: Log & Event Manager (LEM) - YouTube, like this video on how to create rules:
My one pro-tip on rules would be this: never ever use the Any Alert Event Group on a rule.  It'll chew up memory, and can crash the LEM.
3) Yes!  You can get the Agent installers for Sun Solaris from the customer portal or from this link: SolarWinds Knowledge Base :: Additional LEM downloads for version 6.0

[Screenshot: SolarWinds Customer Portal Downloads, 2014-07-16]

There should be a readme in that download on how to deploy the Agent.
4) Samples of rules are provided in the LEM console itself.  Go to Build Rules, pick a category or Tag and look at the Rule Templates.  These are provided as samples to help you get started with configuring the LEM.

[Screenshot: SolarWinds Log and Event Manager Console, Build Rules view, 2014-07-16]