Skip to main content
FortiTowel
FortiTowel
New Member
May 23, 2024
Solved

EMS-Server logview FCT WF Events on EMS-Server GUI

  • May 23, 2024
  • 2 replies
  • 1317 views

Hi @ all,

 

we have a Customer running FortiClients on their Endpoints and using an EMS-Server (v7.2.4 build 0983),

in the GUI section, Administration > Log Viewer, i can only see EMS-Server generated Events,

LDAP queries, admin logon Events, Settings updated etc., but no "on Endpoint x generated FCT Logs", like Security Events, FCT Web Filter block events as example.

 

Correct me please if i wanna see this events "FCT WebFilter" i have to go GUI: Endpoints > all Endpoints > search for Endpoint which got issues > execute >Action request FortiClient Logs, then search in the fclog.dat for the related log?

 

I was wondering because in the GUI Section Quarantine Managment > Files, in this Tab are Files and Endpoint listed, so the FortiClient forward this information via FortiTelemetry to the EMS-Server, triggered by scheduled AV-Scan or may on-prem Scan.

So is there the possibility to see this FCT-WF "Block" Events without the need of this Steps:

 

GUI: Endpoints > all Endpoints > search for Endpoint which got issues > execute >Action request FortiClient Logs

 

Thanks

me and my other selves <3 Fortinet

 

 

Best answer by ozkanaltas

Hello @FortiTowel ,

 

I think, if you use the Security Fabric Adom type on FortiAnalyzer, you don't need to create a new Adom. It depends on your configuration. But I can be wrong. First, you can try without creating adom if it not working that way you can create a new adom for FortiClient.

 

As far as I know, you can't achieve this with security fabric. You need to create a firewall policy so clients can able to send their logs to FortiAnalyzer.

2 replies

ozkanaltas
ozkanaltas
Valued Contributor III
May 23, 2024

Hello @FortiTowel ,

 

If you have a FortiAnalyzer, you can send client logs to FortiAnalyzer. Otherwise, there is no option on EMS, every time you need to follow the path as you said.

 

You can review this document about how to integrate FortiClient and FortiAnalyzer for web filter logs.

 

https://community.fortinet.com/t5/FortiClient/Technical-Tip-Instructions-for-transmitting-FortiClient-Web/ta-p/281657

 

FortiTowel
FortiTowelAuthor
New Member
May 23, 2024

Hello Mr. Ozkanalatas,

 

wow that was super fast Answer.

Okay so i have to realize it with ADOMs, okay.

 

Yeah the Customer has a FAZ and multiple FGT, running Forti-Sec-Fabric,

 

Hmm do i realy need seperate ADOMs, like in the Link you shared with me,

is there no option do it via Fabric, because, so i need to create on FGT, FW-Policy, in all Policies, where are FCT-Endpoints Integrated,  FCT-integrated-Subnet > FAZ Subnet Port 514 Service FortiTelemetry allow?

 

Thank you, wish you a nice day!

 

ozkanaltas
ozkanaltasAnswer
Valued Contributor III
May 23, 2024

Hello @FortiTowel ,

 

I think, if you use the Security Fabric Adom type on FortiAnalyzer, you don't need to create a new Adom. It depends on your configuration. But I can be wrong. First, you can try without creating adom if it not working that way you can create a new adom for FortiClient.

 

As far as I know, you can't achieve this with security fabric. You need to create a firewall policy so clients can able to send their logs to FortiAnalyzer.

Terms & ConditionsAccessibility statement