MZBZ
Staff
Article Id 358509
Description This article describes the new emscli tool, available with FortiClient EMS 7.4.1+ (Linux-based), which provides some read and write configuration options for controlling and managing FortiClient EMS.
Scope FortiClient EMS 7.4.1+ (Linux-based).
Solution

The newly introduced emscli CLI tool is located in /opt/forticlientems/bin/. Accessing this directory and running the tool requires root permission or membership of the 'forticlientems' group.

If the tool is run from within the /opt/forticlientems/bin/ directory, it should be executed as ./emscli.

 

MZBZ@mzems74:~$ sudo -i
root@mzems74:~# cd /opt/forticlientems/bin

root@mzems74:/opt/forticlientems/bin# pwd
/opt/forticlientems/bin
root@mzems74:/opt/forticlientems/bin# ./emscli --help
EMS CLI (7.4.1.1872) - A convenient command line tool for exploring EMS and services
as well as maintaing its configuration

Use "emscli [command] --help" for more information about a command.

 

If the tool is run from a non-root shell, sudo with a full path must be used:

 

MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli --help
EMS CLI (7.4.1.1872) - A convenient command line tool for exploring EMS and services
as well as maintaing its configuration

Use "emscli [command] --help" for more information about a command.

 

Command guide:

 

emscli inline help:

The tool ships with extensive inline help, which is available at every command level through the --help or -h flag:

 

./emscli -h
./emscli config -h
./emscli diag -h
./emscli diag endpoint -h

./emscli config set console -h

 

  1. To list EMS services and status:

 

MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli service get --all
[fcems_probe] -> [PID: 847][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_reg] -> [PID: 848][active] [running] [CPU: 0.1%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_pgbouncer] -> [PID: 932][active] [running] [CPU: 0.1%, RAM: 0.0%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_tag] -> [PID: 851][active] [running] [CPU: 0.1%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[apache2] -> [PID: 2280][active] [running] [CPU: 0.0%, RAM: 0.0%] -> Mon 2024-11-11 17:04:51 UTC; 1 week 0 days ago
[fcems_ecsocksrv] -> [PID: 2287][active] [running] [CPU: 0.0%, RAM: 0.3%] -> Mon 2024-11-11 17:04:51 UTC; 1 week 0 days ago
[fcems_notify] -> [PID: 2454][active] [running] [CPU: 0.0%, RAM: 0.1%] -> Mon 2024-11-11 17:04:51 UTC; 1 week 0 days ago
[fcems_wspgbouncer] -> [PID: 942][active] [running] [CPU: 0.0%, RAM: 0.0%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_das] -> [PID: 832][active] [running] [CPU: 4.1%, RAM: 0.5%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_monitor] -> [PID: 844][active] [running] [CPU: 0.9%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_ka] -> [PID: 842][active] [running] [CPU: 0.1%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_ztna] -> [PID: 856][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_chromebook] -> [PID: 2502][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:52 UTC; 1 week 0 days ago
[fcems_addaemon] -> [PID: 833][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_forensics] -> [PID: 838][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_scep] -> [PID: 849][active] [running] [CPU: 0.0%, RAM: 0.0%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_upload] -> [PID: 854][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_mdmproxy] -> [PID: 843][active] [running] [CPU: 0.0%, RAM: 0.1%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_adevtsrv] -> [PID: 2446][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:51 UTC; 1 week 0 days ago
[fcems_update] -> [PID: 853][active] [running] [CPU: 0.2%, RAM: 0.3%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_task] -> [PID: 852][active] [running] [CPU: 0.1%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_sip] -> [PID: 850][active] [running] [CPU: 0.0%, RAM: 1.1%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_installer] -> [PID: 2468][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:52 UTC; 1 week 0 days ago
[fcems_adconnector] -> [PID: 834][active] [running] [CPU: 0.0%, RAM: 0.1%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_dbop] -> [PID: 835][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_deploy] -> [PID: 836][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_ftntdbimporter]-> [PID: 839][active] [running] [CPU: 0.0%, RAM: 0.7%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago
[fcems_adtask] -> [PID: 830][active] [running] [CPU: 0.0%, RAM: 0.2%] -> Mon 2024-11-11 17:04:23 UTC; 1 week 0 days ago

 

  1. Retrieve current database settings of EMS:

    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get db --help
    retrieves DB specific config
    Usage:
    emscli config get db [db.user|db.host|db.port|db.passsword] [flags]
    Flags:
    -h, --help help for db
    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get db db.user
    db.user => postgres
    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get db db.password
    db.password => H9kpwLqXXXXXXXXXXXX4Fy1EAk
    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get db db.port
    db.port => 5432
    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get db db.host
    db.host => localhost

     

  2. Retrieve the current EMS console (Web UI) settings:

    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get console --help
    Retrives admin console (EMS GUI) specific configuration
    Usage:
    emscli config get console [allowed.hosts|http.port|https.port|fileserver.port|remote.access] [flags]
    Flags:
    -h, --help help for console
    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get console allowed.hosts
    allowed.hosts => *
    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get console http.port
    http.port => 80
    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get console https.port
    https.port => 443
    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get console fileserver.port
    fileserver.port => 10443
    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config get console remote.access
    remote.access => enabled

     

  3. To set/change/update EMS console Web UI settings:

    MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli config set console -h
    Sets auto upgrade specific configuration
    Usage:
    emscli config set console [flags]
    Flags:
    --allowed.hosts string Comma separated list, with not spaces of allowed hosts to refer to the console with
    --disable.remote.access Disables remote https access to the EMS console
    --enable.remote.access Enables remote https access to the EMS console
    --fileserver.port int New fileserver port for the EMS console. By default it uses port 10443
    -h, --help help for console
    --http.port int New http port for the EMS console. By default it uses port 80
    --https.port int New https port for the EMS console. By default it uses port 443

     

  4. Commands useful for troubleshooting:

    ./emscli service get --all    # add --describe to show severity and a short description of each service
    ./emscli service get web ka reg mdm
    ./emscli service stop monitor web
    ./emscli service restart das
    ./emscli service logs ka reg das    # optional flags: --follow, --filter=ERROR
    ./emscli service enable-debug das
    ./emscli service disable-debug das

  5. Show details for an endpoint to help with troubleshooting:

      

MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli diag endpoint --help
Shows details for an endpoint to help with troubleshooting

Usage:
emscli diag endpoint [flags]

Flags:
--dev-only Return only device data
--fct-only Return only fct & fct user data
--full Return all device, FCT and FCT user data
-h, --help help for endpoint
--id string The id for the endpoint. Can be a host name or the endpoint UUID
--logs Includes the latest log entries for the endpoint/device
--site string If using multitenancy, the name of the site. (default "default")

 

MZBZ@mzems74:~$ sudo /opt/forticlientems/bin/emscli diag endpoint --dev-only --id 75F8A154670347BFBB46722D2AEE0E05
Device:
os_version: Microsoft Windows 11 , 64-bit (build 22631)
samaccountname: <nil>
cpu: Intel(R) Xeon(R) Silver 4214R CPU @ 2.40GHz
dn:
model: VMware7,1
ip_addr: 192.168.100.111
host: MZBZ
dnshostname: <nil>
sn: VMware-56 4d 2a 78 26 9a c0 93-3d cf 59 de 08 8f ec b9
remote_ip: 192.168.100.111
blocked: false
install_uid: <nil>
public_ip_addr: 1.2.3.4
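
The console settings read in item 2 can be checked against a baseline, with each difference mapped to the `config set console` flag from item 3 that corrects it. This is an added example, not part of the original article or Fortinet's tooling; the baseline values and the host name ems.example.internal are assumptions, and the sample input reuses the values printed above.

```shell
#!/bin/sh
# Added example (not Fortinet code): report EMS console settings that differ from a site baseline.
EMSCLI=/opt/forticlientems/bin/emscli   # path from the article

# Hypothetical site baseline (assumption): space-separated key=value pairs.
BASELINE='allowed.hosts=ems.example.internal remote.access=disabled https.port=443 fileserver.port=10443'

# Constructed sample input: the console values shown in the article's output.
SAMPLE='allowed.hosts => *
http.port => 80
https.port => 443
fileserver.port => 10443
remote.access => enabled'

# Query the live tool; needs root or membership of the forticlientems group.
collect_console() {
  for key in allowed.hosts http.port https.port fileserver.port remote.access; do
    "$EMSCLI" config get console "$key"
  done
}

# Read "key => value" lines on stdin; print one line per finding, return 1 if any.
audit_console() {
  awk -v baseline="$BASELINE" '
    BEGIN {
      n = split(baseline, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
    }
    $2 == "=>" && ($1 in want) {
      seen[$1] = 1
      if ($3 == want[$1]) next
      if ($1 == "remote.access")
        fix = (want[$1] == "disabled") ? "--disable.remote.access" : "--enable.remote.access"
      else
        fix = "--" $1 " " want[$1]
      printf "DRIFT %s: got %s, baseline %s (config set console %s)\n", $1, $3, want[$1], fix
      bad++
    }
    END {
      for (i = 1; i <= n; i++) {
        split(pairs[i], kv, "=")
        if (!(kv[1] in seen)) { printf "MISSING %s\n", kv[1]; bad++ }
      }
      exit (bad > 0)
    }'
}

# Demo on the constructed sample; on an EMS host run: collect_console | audit_console
printf '%s\n' "$SAMPLE" | audit_console || true
```

Keys that are not in the baseline (http.port here) are ignored, and a baseline key that never appears in the input is reported as MISSING so a failed query is not mistaken for a match.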