FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Article Id 257440
Description This article describes how to enable debug log level on FortiClient endpoints managed by EMS and how to remotely collect it.
Scope FortiClient endpoints managed by EMS.

1) Access the EMS using a user with admin privileges:




2) Go to Endpoint Profiles -> System Settings, select the profile in which the endpoint is assigned, and then select 'Edit':




3) On System Settings Profile, select 'Advanced', at the right superior part of the screen:




4) scroll down a little bit to the 'Log' part, change the 'Level' to 'Debug', and if necessary keep selecting only the desired log features, then select 'Save':




5) Wait for at least 1 minute, in order for the update to be sent to all the endpoints part of this profile, then confirm at the desired endpoint that the debug level was changed:




6) After that, it is possible to proceed with all the tests. Once finished, it is possible to export the debug logs either on the local machine or remotely via EMS, to collect via EMS go to Endpoints -> All Endpoints.


7) Select the endpoint, then select Action -> Request FortiClient Logs:




8) Wait a couple of minutes, then with the endpoint selected select Action -> Download Available FortiClient Logs:




9) A warning message will appear: 'Are you sure you want to download the endpoint log files for the selected client?', select 'Download':




10) Select the directory to save the log and then select 'Save':




Now the debug log of the intended endpoint was downloaded and is available for analysis.