Troubleshooting Tip: Avoid delay in sending FortiClient logs to FortiAnalyzer
| Description | This article describes how to avoid delay in sending FortiClient logs to FortiAnalyzer. | |||||||||
| Scope | EMS on-prem and Cloud | |||||||||
| Solution | Sometimes FortiAnalyzer will be delayed receiving the FortiClient logs in real-time when all log types (UTM, System Event, Security Event, Software Inventory, OS Events, and etc) were enabled to send.
Amend below default setting in EMS can fix the delay issue. Navigate to EMS GUI -> Endpoint Profiles -> System Settings -> select desired endpoint profiles -> Edit -> Log -> Upload Logs to FortiAnalyzer/FortiManager.
The time to generate log every X second must be shorter than or equal to the Upload Schedule time.
However, there is no recommended setting as it depends on which interval suits the customer environment. |
