Strange excessive log polling behavior of FortiClient and FortiTray

Question

While troubleshooting a FortiClient VPN issue, in Sysinternals Process Monitor I noticed that the client components are generating hundreds of events per second, continuously polling FortiTray_1.log, guimessenger_1.log and sslvpndaemon_1.log trace files in the user's AppData. No data is written, they're just opened, queried and closed. This happens even on a fresh unconfigured 7.0.6 install. It is just a minor nuisance and easy to filter oyt, but it might be indicative of some sort of internal application issue because for me it is very rare to encounter software with this kind of behavior. I figured I'd mention it here for it to maybe get noticed.

Additionally, I've seen that sslvpndaemon_1.log will log "[sslvpndaemon 515 debug] FortiSslvpn: CSslvpnBase::RefreshConnection() Called." every 2 seconds once it's started, and will keep doing it even after the vpn is disconnected. None of the log-related items in the xml config or in the windows registry seem to have an effect. It is unusual to see debug-level verbosity being used in production like that. The other two files are written less frequently.

I have checked an earlier 6.5 install and saw that none of these files were being logged, the appdata trace dir was empty. That also means that none of the abovementioned polling was happening.

btan · Answer

Hi hpadm,

When logging level is set to "debug", FCT will write into logs\trace\ folder, it is expected.

We only set to "debug" when we need troubleshooting.

You can edit the logging level in FCT > settings > log > log level > change to Information if you do not want excessive logging.

If FCT is connected to EMS, you will have to configure this under Endpoint profile.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded