FortiClient
volkanavsar
Staff
Article Id 265965
Description

This article describes how to generate and export debug logs from the platforms that run FortiClient and FortiClient EMS.

Scope

FortiClient EMS, FortiClient EMS Cloud, FortiClient Windows, FortiClient Linux, FortiClient macOS, FortiClient Android and FortiClient iOS.

Solution
  1. FortiClient EMS On-premises:

 

  1. Access the EMS console as a user with admin privileges.
  2. Under EMS -> System Settings -> Log Settings -> Log Level, change 'info' to 'debug'.
  3. Reproduce the issue being experienced.
  4. Navigate to EMS -> Administration -> Generate Diagnostic Logs -> Create.
  5. This operation may take a long time. Be patient.
  6. Once the log creation is complete, the 'Download' button will appear. Download the log.

 


 

  1. FortiClient EMS Cloud:

     

    1. Access the EMS Cloud console via the support.fortinet.com portal.
    2. Under EMS -> System Settings -> Log Settings -> Log Level, change 'info' to 'debug'.
    3. Reproduce the issue being experienced.
    4. Navigate to EMS -> Administration -> Generate Diagnostic Logs -> Create.
    5. This operation may take a long time. Be patient.
    6. Once the log creation is complete, the 'Download' button will appear. Download the log.


     

  1. FortiClient Windows.

    1. Access the EMS console as a user with admin privileges.
    2. Navigate to EMS -> Endpoint Profile -> select a profile -> Edit -> System Settings -> use Advanced instead of Basic settings -> Log Level, then change 'info' to 'debug' and select all features.
    3. Confirm the setting by ensuring 'Debug' is selected under FortiClient -> the 'Settings' section -> Log Level.
    4. Reproduce the issue being experienced and take note of the exact timestamp of the events.
    5. Under FortiClient -> the 'About' section -> Diagnostic Tool, check that the details are correct and run the Diagnostic Tool. The output file should have a *.cab or *.zip extension, depending on the version, and will usually be present in %temp%\Diagnostic_Result or %LOCALAPPDATA%\FortiClient\tmp\Diagnostic_Result\.

 

It is recommended to revert the configuration after collecting the debug logs. To do so, navigate to EMS -> Endpoint Profile -> select -> Edit -> System Settings -> use Advanced instead of Basic settings -> Log Level -> change 'debug' to 'info' -> De-select features that are not needed (or all of them).

 


     

  1. FortiClient macOS.

    1. Access the EMS console as a user with admin privileges.
    2. Navigate to EMS -> Endpoint Profile -> select a profile -> Edit -> System Settings -> use Advanced instead of Basic settings -> Log Level, then change 'info' to 'debug' and select all features.
    3. Confirm the setting by ensuring 'Debug' is selected under FortiClient -> the 'Settings' section -> Log Level.
    4. Reproduce the issue being experienced and take note of the exact timestamp of the events.
    5. Find the output file under FortiClient -> the 'Settings' section -> Log File -> Export logs. The output file should have a *.cab or *.zip extension, depending on the version.

 

It is recommended to revert the configuration after collecting the debug logs. To do so, navigate to EMS -> Endpoint Profile -> select -> Edit -> System Settings -> use Advanced instead of Basic settings -> Log Level -> change 'debug' to 'info' -> De-select features that are not needed (or all of them).

 


     

  1. FortiClient Linux.

     

    1. Access the EMS console as a user with admin privileges.
    2. Navigate to EMS -> Endpoint Profile -> select profile -> Edit -> System Settings -> use Advanced instead of Basic settings -> Log Level, then change 'info' to 'debug' and select all features.
    3. Reproduce the issue being experienced.
    4. Make sure 'Debug' is selected under FortiClient -> the 'Settings' section -> Log Level.
    5. Find the output file under FortiClient -> the 'Settings' section -> Log File -> Export logs. The output file should have a *.cab or *.zip extension, depending on the version.

     

 

It is recommended to revert the configuration after collecting the debug logs. To do so, navigate to EMS -> Endpoint Profile -> select -> Edit -> System Settings -> use Advanced instead of Basic settings -> Log Level -> change 'debug' to 'info' -> De-select features that are not needed (or all of them).

 


 

  1. FortiClient Android. It is possible to email FortiClient (Android) logs to Fortinet. To do this:

    1. Tap About.
    2. Tap Send Feedback Email.


     

  2. FortiClient iOS. It is possible to email FortiClient (iOS) logs to Fortinet. To do this:

    1. Tap About.
    2. Tap Diagnostic.
    3. Swipe right to enable Logging.
    4. Tap Report an Issue.
                                                         


 

  1. To manually collect logs from FortiClient EMS version 7.4.x (Linux-based) when the EMS Console is inaccessible, run the following command in the terminal with elevated privileges using sudo:

 

sudo /opt/forticlientems/bin/diagnostic_tool -o /tmp/diag


 

The output file will have a .zip extension (/tmp/diag.zip for the command above). Once the logs are collected, download them from the /tmp/ directory:

/tmp/fortiems_logs.tar.gz
/tmp/postgresql_logs.tar.gz
/tmp/redis_logs.tar.gz 
/tmp/ufw_logs.txt 
/tmp/system_logs.txt

/tmp/diag.zip
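
The bundle holds debug-level logs and is written to /tmp, which every local account can reach. The wrapper below is an added example, not Fortinet's code: it runs the tool with the path and -o option shown above, refuses to reuse an existing bundle, makes the result owner-only, and prints a SHA-256 to compare after download. The function name collect_ems_diag and its two optional arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Fortinet code.
# collect_ems_diag [TOOL] [OUT_PREFIX]
#   TOOL        diagnostic tool path (default: the path given in the article)
#   OUT_PREFIX  value passed to -o; per the article the tool writes OUT_PREFIX.zip
# Prints "<sha256>  <bundle path>" on stdout; returns non-zero on failure.
# Usage (as root, as the article requires): collect_ems_diag
collect_ems_diag() {
    tool="${1:-/opt/forticlientems/bin/diagnostic_tool}"
    prefix="${2:-/tmp/diag}"
    bundle="${prefix}.zip"

    if [ ! -x "$tool" ]; then
        echo "diagnostic tool not found or not executable: $tool" >&2
        return 2
    fi

    # /tmp is shared: a stale or pre-planted file (or dangling symlink) at the
    # output path must not be mistaken for, or overwritten by, this run.
    if [ -e "$bundle" ] || [ -L "$bundle" ]; then
        echo "refusing to reuse existing path: $bundle" >&2
        return 3
    fi

    # umask 077 in a subshell so files the tool creates start owner-only.
    # Tool output goes to stderr to keep stdout for the hash line.
    if ! ( umask 077; "$tool" -o "$prefix" ) >&2; then
        echo "diagnostic tool exited with an error" >&2
        return 4
    fi

    # Expect a non-empty regular file, not a symlink.
    if [ ! -f "$bundle" ] || [ -L "$bundle" ] || [ ! -s "$bundle" ]; then
        echo "no usable bundle at $bundle" >&2
        return 5
    fi

    chmod 600 "$bundle" || return 6

    # Record this hash; recompute it on the receiving side after download.
    sha256sum "$bundle"
}
```

After copying the bundle off the host, compare the hash and delete the copy in /tmp.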

Related article:
Technical Tip: Collecting EMS v7.4 logs manually when the EMS GUI is unreachable