FortiClient
fatihseyligli
Article Id 353378
Description This article describes in detail how to connect to an EMS server running EMS v7.4.0 and manually collect essential logs for troubleshooting, which is particularly useful when the EMS GUI is inaccessible.
Scope FortiClient EMS v7.4.x.
Solution

Prerequisites:

  • Ensure SSH access is available to the EMS server.
  • Sudo privileges are required to execute the commands and access the log directories.

 

Steps to Connect and Collect Logs:

  • Use SSH to connect to the EMS server. Replace 'username' with the actual username and 'EMS_IP' with the IP address of the EMS server.

 

ssh username@EMS_IP

 

  • After connecting, execute the following commands to gather EMS, Apache, PostgreSQL, Redis, UFW, and system-related logs. These commands will save the log files in the /tmp/ directory for easy retrieval.

 

EMS Logs:

 

sudo tar -czf /tmp/fortiems_logs.tar.gz /var/log/forticlientems/

 

Apache Logs:

 

sudo tar -czf /tmp/apache_logs.tar.gz /var/log/apache2

 

PostgreSQL Logs:

 

sudo tar -czf /tmp/postgresql_logs.tar.gz /var/log/postgresql/

 

Redis Logs:

 

sudo tar -czf /tmp/redis_logs.tar.gz /var/log/redis/


UFW (Firewall) Logs:

 

sudo journalctl -u ufw --since -10d > /tmp/ufw_logs.txt

 

VM System Logs:

 

sudo journalctl -x --since -10d > /tmp/system_logs.txt

 

EMS diagnostic tool log generator:
This binary file is located inside the /opt/forticlientems/bin/ directory. A diagnostic report zip file can be created by running the following command inside the Linux shell. The output file will have a .zip extension (/tmp/diag.zip in the following command).

 

sudo /opt/forticlientems/bin/diagnostic_tool -o /tmp/diag

 


 

Once the logs are collected, download them from the /tmp/ directory to the local system for analysis.

 

To download the logs:

 

  • Open a new terminal on the local machine.
  • Use SCP (Secure Copy Protocol) to download the files from the EMS server to the local machine.
  • Replace the username, EMS_IP, and the paths as necessary.

 

scp username@EMS_IP:/tmp/fortiems_logs.tar.gz ~/Desktop/

scp username@EMS_IP:/tmp/apache_logs.tar.gz ~/Desktop/
scp username@EMS_IP:/tmp/postgresql_logs.tar.gz ~/Desktop/
scp username@EMS_IP:/tmp/redis_logs.tar.gz ~/Desktop/
scp username@EMS_IP:/tmp/ufw_logs.txt ~/Desktop/
scp username@EMS_IP:/tmp/system_logs.txt ~/Desktop/

scp username@EMS_IP:/tmp/diag.zip ~/Desktop/

 

Each file will be saved to the desktop (or the directory specified) for further review or sharing with the support team.
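
Archives written to /tmp/ by sudo tar under the usual umask of 022 are readable by every local account, and nothing in the steps above confirms that the files arrived intact. The following added example (not part of the original article or of Fortinet's tooling) stages the four log directories from this article in an owner-only directory and records SHA-256 checksums. The function names, the script name and the staging path are assumptions, and it relies on GNU tar and sha256sum.

```shell
#!/usr/bin/env bash
# Added example (not Fortinet's tooling); function names are hypothetical.

# bundle_logs OUTDIR DIR...  archive each existing DIR into OUTDIR and
# write a SHA256SUMS manifest next to the archives.
bundle_logs() {
    local outdir="$1" dir name
    shift
    (
        umask 077                          # new files: owner-only (0600/0700)
        mkdir -p "$outdir" || exit 1
        for dir in "$@"; do
            [ -d "$dir" ] || { echo "skip: $dir not found" >&2; continue; }
            name=$(basename "$dir")
            # -C stores relative paths (redis/...), not absolute ones
            tar -czf "$outdir/${name}_logs.tar.gz" \
                -C "$(dirname "$dir")" "$name" || exit 1
        done
        cd "$outdir" || exit 1
        set -- *.tar.gz
        [ -e "$1" ] || exit 1              # nothing was archived
        sha256sum "$@" > SHA256SUMS
    )
}

# verify_logs DIR  re-check archives against the manifest (e.g. after scp).
verify_logs() {
    ( cd "$1" && sha256sum -c SHA256SUMS >/dev/null )
}

# On the EMS server:  sudo bash collect_ems_logs.sh --run
if [ "${1:-}" = "--run" ]; then
    stage=$(mktemp -d /tmp/ems_logs.XXXXXX)    # 0700, unpredictable name
    bundle_logs "$stage" /var/log/forticlientems /var/log/apache2 \
        /var/log/postgresql /var/log/redis || exit 1
    # Hand the staging directory to the invoking user so scp can read it.
    chown -R "${SUDO_USER:-root}" "$stage"
    echo "staged in $stage"
fi
```

Copy the whole staging directory with scp -r, then run verify_logs on the local copy before analysing the logs or sending them to support.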