Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
david_pereira
Staff & Editor
Staff & Editor

Created on ‎05-21-2023 09:58 PM Edited on ‎06-15-2025 01:33 PM By Moderator

Article Id 257227

Technical Tip: How to send FortiClient logs to FortiAnalyzer

Description This article describes how to send logs from managed FortiClient endpoints to FortiAnalyzer.
Scope FortiClient endpoints that are managed by EMS.
Solution

Access the EMS with admin privileges:

 

Img001.jpg

 

Go to Endpoint Profiles -> System Settings:

 

Img002.jpg

 

Select the desired profile and then select 'Edit':

 

Img003.jpg

 

Then scroll down to the Log part and select the option 'Upload Logs to FortiAnalyzer/FortiManager':

 

Img004.jpg

 

Select the desired logs.

It is possible to change the telemetry interval, which means the frequency at which the FortiClient will send the logs to the FortiAnalyzer.

 

Make sure to configure the FortiAnalyzer IP address or FQDN and port below:

 

Img005.jpg

 

Select 'Save' at the end.

After that, the logs will be sent to the FortiAnalyzer as well. By default, port 514-TCP is used; ensure to allow this communication in VIP and/or Firewall Policies.

It can show logs related to FortiClient traffic, all events, and also will show vulnerability logs. 

 

EMS 10.png


Related article:

Technical Tip: How to integrate EMS in the FortiAnalyzer
4044
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.