Skip to main content
obhansali
Staff
obhansali
Staff
October 24, 2025

Technical Tip: How to collect full logs from FortiSOAR

  • October 24, 2025
  • 0 replies
  • 648 views
Description This article describes how to collect logs from FortiSOAR for troubleshooting and analysis purposes, using both the FortiSOAR GUI and the CLI.
Scope FortiSOAR.
Solution

Follow these steps to download FortiSOAR logs using the GUI:

  • Log in to FortiSOAR using the GUI: After logging in to FortiSOAR, navigate to the bottom-left corner of the interface and select on the ‘@’ symbol. This opens a pop-up displaying version information for the Application Engine, Playbook Engine, and other components. At the bottom of this pop-up, the 'Download Logs' button will appear. Select it to begin downloading the logs.

 

1.png
  • Download Log Options: Upon selecting Download Logs, a dialog box will appear, offering to password-protect the downloaded logs. Choose one:
    • Select 'Yes' to apply a password, providing enhanced security for the downloaded logs.
    • Select 'No, download without password' to download the logs without encryption.

 

3.png

 

  • Save the Logs: Once the logs are downloaded, they will be in a compressed format. Save the downloaded log file to a secure location on the system for future reference or analysis.

 

Follow these steps to download FortiSOAR logs using CLI:

  • SSH to the FortiSOAR VM as csadmin user: After logging in to the FortiSOAR CLI, run the command:

sudo csadm log --collect [PATH_TO_SAVE_FILE]

Replace [PATH_TO_SAVE_FILE] with the full file path where logs need to be saved. For example, the /tmp directory may be used.

2.png

 

Download the file from FortiSOAR VM to local machine: 

Files can be transferred from the FortiSOAR system to a local Windows machine using secure file transfer tools such as WinSCP or FileZilla. This Article focuses on WinSCP.
Kindly download WinSCP from its official download page. Once downloaded, launch the application.

In the Login window, enter the following details:
File Protocol: SFTP
Host name: FortiSOAR IP or hostname
Port number: default is 22
Username: csadmin
Password: Password for csadmin account

4.png

 

Select Login.
If it’s the first time connecting to WinSCP, a prompt will appear to accept the server's SSH host key: Select Yes.

In the right panel (FortiSOAR side), browse to the folder path where the file has been saved.
Once the file is located, right-click the file -> Download -> choose destination -> OK.

Once the file is downloaded, use it for future reference or analysis.
      Terms & ConditionsAccessibility statement