FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
btan
Staff & Editor
Article Id: 400322
Description: This article describes how to view FortiClient OS Events logs in FortiAnalyzer.
Scope: FortiClient v7.4.0+, FortiAnalyzer v7.4.6+.
Solution

FortiClient can be configured to send various types of logs to FortiAnalyzer, one of which is OS Events.

Below are the prerequisite configuration steps.

Configuring FortiAnalyzer:

Follow the admin guide to add a FortiClient ADOM (a FortiClient ADOM is compulsory).

Configuring FortiClient EMS Endpoint Profile:

  1. In FortiClient EMS, go to Endpoint Profiles -> System Settings, select the profile, then Edit -> Advanced.
  2. Toggle [Upload Logs to FortiAnalyzer] to ON.
  3. In the Upload option section, toggle [Send OS Events] to ON.

[Image: july-kb1-1.png]

  4. Save the profile.


To view FortiClient OS Events logs in FortiAnalyzer:

  1. Go to the FortiClient ADOM.
  2. Go to Log View -> Log Browse -> SIEM log (File name = Xlog.log).

[Image: 10835843-kb1-Windows-OS-events-as-SIEM-log.png]

  3. Double-click the SIEM.log to display the Windows OS Events.

[Image: 10835843-kb2-FCT-SIEM-log-sample.png]

Note: When setting this up for the first time, the first SIEM log may take longer to appear, because FortiAnalyzer needs some time to parse it initially.
