FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Article Id 246863

This article describes how to collect Forticlient EMS on-premise logs by Diagnostic tool and which considerations need to be taken. 


1) It is recommended to have debug enabled by the GUI console at Log Setting before any log recording and analysis:




2) Access the windows server directory where the FortiClient EMS is installed and locate the DiagnosticTool.exe.


The tool is located by default at:
C:\Program Files(x86)\Fortinet\FortiClientEMS\EMSDiagnosticTool.exe




It is recommended to execute with administrator rights.


3) Diagnostic tool will gather information on EMS logs and Windows server information and events, need to be patient due to such a task can take several minutes depending on server capabilities and the quantity of information that need to be gathered. 




4) After the competition a compressed filed name: '' is created once it is executed.


If the windows folder with the EMS log file is not open automatically, the output file is located at:





Such files can be used to check logs and further troubleshoot at Forticlient EMS on-premise side.

Scope FortiClient EMS.
Solution Gathering the correct information and following appropriate procedure help to do better troubleshooting.