FortiClient
cakkus
Staff
Article Id 372855
Description This article describes the steps for collecting diagnostic logs from FortiClient in debug mode and from FortiClient EMS.
Scope All supported versions of FortiClient and EMS.
Solution

Several situations require collecting the diagnostic logs while there are no active telemetry connections.

EMS:

The logs for troubleshooting can be collected with the following method:

  1. Go to FortiClient EMS -> System Settings -> Log Settings and change 'info' to 'debug'.
  2. Run the diagnostic tool on the server where FortiClient EMS is installed: C:\Program Files (x86)\Fortinet\FortiClientEMS\EMSDiagnosticTool.exe.
  3. The output is written to the %temp% folder.
  4. The output file has a '*.cab' extension, for example: 'EMS-version-numbers.cab'.

Note: It will take some time.

FortiClient is registered to FortiClient EMS:

  1. Configure Endpoint Debug logs: under EMS -> Endpoint Profile, select Edit -> System Settings, use Advanced instead of Basic settings -> Log Level, change 'info' to 'debug', and select all features.
  2. Reproduce the problem.
  3. In FortiClient, go to the 'About' section -> Diagnostic Tool, check everything, and run the Diagnostic Tool. The output file should have a *.cab or *.zip extension and is usually present in %temp%\Diagnostic_Result.
  4. Revert the configuration: under EMS -> Endpoint Profile, select Edit -> System Settings, use Advanced instead of Basic settings -> Log Level, change 'debug' to 'info', and deselect the features not needed (or all of them).

FortiClient is not registered to EMS:

The logging option of the FortiClient can be changed:

There is a small lock icon at the bottom left. Selecting it will create a prompt asking for administrator privileges. When it is unlocked, change the log level in the settings to debug and reproduce the issue. After that, the logs will become collectible.

To enable the debug log level when FortiClient is not registered with EMS, see this article: Technical Tip: How to enable debug log in FortiClient.

  • For Windows: Afterwards, go to the Endpoint's FortiClient -> 'About' section -> Diagnostic Tool -> Check everything -> Run Diagnostic Tool. The output file should have a *.cab extension, usually present in %temp%\Diagnostic_Result.
  • For Mac/Linux: Afterwards, go to the Endpoint's FortiClient -> 'Settings' section -> Logging -> Export Logs -> Select Location.
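
For the Windows cases above, the following PowerShell locates the bundle the Diagnostic Tool wrote and records its size, timestamp and SHA-256 so the file can be checked after transfer. This is an added example, not Fortinet's code: the function name and parameters are hypothetical, only the folders and extensions come from the article, and it assumes it runs as the same user that ran the tool, so that %temp% resolves to the same folder.

```powershell
# Added example (not from the original article). Function name and
# parameters are hypothetical; folders and extensions are the ones the
# article gives for EMS (%temp%) and FortiClient (%temp%\Diagnostic_Result).
function Get-FortiDiagnosticBundle {
    [CmdletBinding()]
    param(
        # Output locations named in the article.
        [string[]]$SearchPath = @(
            $env:TEMP,
            (Join-Path $env:TEMP 'Diagnostic_Result')
        ),
        # Ignore bundles older than this, e.g. from an earlier support case.
        [datetime]$Since = (Get-Date).AddHours(-24)
    )

    $bundles = foreach ($dir in $SearchPath) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            Write-Verbose "Skipping missing folder: $dir"
            continue
        }
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.Extension -in @('.cab', '.zip')) -and
                ($_.LastWriteTime -ge $Since)
            }
    }

    if (-not $bundles) {
        # The tool can take some time; an empty result may mean it is still running.
        Write-Warning "No *.cab or *.zip bundle newer than $Since was found."
        return
    }

    # Newest first, with a hash to compare after the file is transferred.
    $bundles | Sort-Object LastWriteTime -Descending | ForEach-Object {
        [pscustomobject]@{
            Path          = $_.FullName
            SizeMB        = [math]::Round($_.Length / 1MB, 2)
            LastWriteTime = $_.LastWriteTime
            SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

Get-FortiDiagnosticBundle -Verbose | Format-List
```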