david_pereira
Staff & Editor
Article Id 257227
Description: This article describes how to send logs from managed FortiClient endpoints to FortiAnalyzer.
Scope: FortiClient endpoints that are managed by FortiClient EMS.
Solution

Access the FortiClient EMS with admin privileges:

 

Go to Endpoint Profiles -> System Settings:

 

Select the desired profile and then select 'Edit':

 

Then scroll down to the Log section and select the option 'Upload Logs to FortiAnalyzer/FortiManager':

 

Select the desired logs.

It is possible to change the telemetry interval, which is the frequency at which FortiClient sends the logs to the FortiAnalyzer.

 

Make sure to configure the FortiAnalyzer IP address or FQDN and port below:

 

For FortiClientEMS-Cloud and FortiAnalyzer-Cloud:

Both FortiClient-Cloud and FortiAnalyzer-Cloud should be under the same account.
FortiClientEMS-Cloud has a button option ('Auto-config FAZ Cloud') that should auto-fill the FQDN of the FortiAnalyzer-Cloud.

 

Select 'Save' at the end.

After that, the logs will be sent to the FortiAnalyzer as well. By default, port 514-TCP is used; ensure that this communication is allowed in VIP and/or Firewall Policies.

FortiAnalyzer can then show logs related to FortiClient traffic, all events, and vulnerability logs.
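
A connectivity check for the port requirement above, as an added example that is not part of the original article: it classifies a TCP connection attempt from an endpoint to FortiAnalyzer on port 514, so a blocked policy can be told apart from a wrong address or FQDN. The function name, the hint texts and the host `faz.example.com` are assumptions made for this example.

```python
import socket
import sys

FAZ_DEFAULT_PORT = 514  # default log upload port (TCP) stated in the article

# Hint texts are this example's own wording, not Fortinet output.
HINTS = {
    "open": "TCP handshake completed; the path to FortiAnalyzer is allowed.",
    "dns_failure": "The FQDN does not resolve from this endpoint.",
    "timeout": "No reply; a firewall policy or VIP is probably not allowing it.",
    "refused": "Host answered but the port is closed or actively rejected.",
    "unreachable": "Other socket error, for example no route to the address.",
}


def check_faz_reachability(host, port=FAZ_DEFAULT_PORT, timeout=3.0):
    """Classify a TCP connection attempt from this endpoint to FortiAnalyzer."""
    try:
        candidates = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"

    result = "unreachable"
    for family, socktype, proto, _name, sockaddr in candidates:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                return "open"  # one working address is enough
            except (socket.timeout, TimeoutError):
                result = "timeout"
            except ConnectionRefusedError:
                result = "refused"
            except OSError:
                result = "unreachable"
    return result


if __name__ == "__main__":
    # faz.example.com is a constructed placeholder; pass the address or FQDN
    # configured in the EMS profile as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "faz.example.com"
    outcome = check_faz_reachability(target)
    print(f"{target}:{FAZ_DEFAULT_PORT} -> {outcome}: {HINTS[outcome]}")
```

Run it from a managed endpoint, not from the EMS server, since the endpoints are what upload the logs.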

 


Related article:

Technical Tip: How to integrate EMS in the FortiAnalyzer