Created on
09-25-2025
10:14 PM
Edited on
10-06-2025
12:19 AM
By
Jean-Philippe_P
Description | This article provides the validation process when FortiAnalyzer only shows System Events in the FortiClient Logview Menu. |
Scope | FortiAnalyzer, FortiAnalyzer Cloud, FortiClient EMS. |
Solution |
Prerequisites:
Context: FortiAnalyzer categorizes the base on LogView according to the following sections:
It is a common scenario that after adding FortiClient EMS logging in FortiAnalyzer, the administrator can only see system events in the logview section of FortiAnalyzer.
If it were only assigned to the endpoint group, the system endpoint profile suspects something is wrong with the logging, because there are no logs related to traffic, but there are some other configurations that must be applied to ensure the information is being generated.
It could be confirmed that the connection between EMS and FortiAnalyzer was registered in FortiAnalyzer logs and the device manager status.
Confirm the configuration and assignment of the endpoint profiles; at least the web-filter profile must be assigned.
The endpoint must be generating traffic logs to be recorded.
Wait for the endpoints to send the logs to FortiAnalyzer, and after being inserted, the traffic section will be displayed.
Important considerations:
Related article: Technical Tip: How to integrate FortiClient EMS in the FortiAnalyzer |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.