fatihseyligli
Article Id 394326
Description This article describes how to resolve a problem where FortiClient logs are not uploaded to FortiAnalyzer Cloud because the 'log_uploadserver_sni' value is absent from the EMS XML profile settings.
Scope FortiClient EMS, FortiClient EMS Cloud.
Solution

Root Cause:

The issue occurs when the EMS profile does not have the 'log_uploadserver_sni' value, which is necessary for a successful SSL/TLS connection to the FortiAnalyzer Cloud service.

Although the log upload server is configured, without SNI (Server Name Indication) FortiClient cannot establish the HTTPS connection needed to upload logs.

Below is a working example from a real EMS XML profile:

<log_upload_enabled>1</log_upload_enabled>
<log_upload_server>(INSTANCE ID).eu-central-1.fortianalyzer.forticloud.com</log_upload_server>
<log_uploadserver_sni>(INSTANCE ID).support.fortinet.com</log_uploadserver_sni>
</remote_logging>
<onnet_local_logging>1</onnet_local_logging>
<log_events>

Note:

Replace (INSTANCE ID) with the valid FortiAnalyzer Cloud instance ID.

Make sure that 'log_upload_enabled' is set to 1 and that the server address and region match the licensed FortiAnalyzer Cloud instance.

It can take up to 1–2 hours after the configuration change for logs to appear.
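
One way to check an exported profile for the settings described above, as an added example that is not Fortinet's code: it parses the XML and reports a missing 'log_uploadserver_sni', a disabled upload, a server mismatch, or a placeholder that was never replaced. The function name, the <profile> wrapper element and the instance ID 1234567 are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Placeholder spellings used on this page; a deployed profile must not contain them.
PLACEHOLDERS = ("(INSTANCE ID)", "[INSTANCE-ID]")

def audit_remote_logging(profile_xml, expected_server=None):
    """Return findings for every <remote_logging> block; an empty list means OK."""
    root = ET.fromstring(profile_xml)
    blocks = list(root.iter("remote_logging"))
    if not blocks:
        return ["no <remote_logging> element found"]
    findings = []
    for n, block in enumerate(blocks, 1):
        def value(tag):
            # A missing element and an empty element are treated the same way.
            return (block.findtext(tag) or "").strip()
        server, sni = value("log_upload_server"), value("log_uploadserver_sni")
        if value("log_upload_enabled") != "1":
            findings.append(f"block {n}: log_upload_enabled is not 1")
        if not server:
            findings.append(f"block {n}: log_upload_server is missing or empty")
        elif expected_server and server.lower() != expected_server.lower():
            findings.append(f"block {n}: log_upload_server is {server!r}, expected {expected_server!r}")
        if not sni:
            findings.append(f"block {n}: log_uploadserver_sni is missing or empty")
        for tag, val in (("log_upload_server", server), ("log_uploadserver_sni", sni)):
            if any(p in val for p in PLACEHOLDERS):
                findings.append(f"block {n}: {tag} still contains a placeholder")
    return findings

# Constructed sample profiles: the <profile> root and instance ID 1234567 are made up.
GOOD = """<profile><remote_logging>
<log_upload_enabled>1</log_upload_enabled>
<log_upload_server>1234567.eu-central-1.fortianalyzer.forticloud.com</log_upload_server>
<log_uploadserver_sni>1234567.support.fortinet.com</log_uploadserver_sni>
</remote_logging><onnet_local_logging>1</onnet_local_logging></profile>"""

BAD = """<profile><remote_logging>
<log_upload_enabled>1</log_upload_enabled>
<log_upload_server>(INSTANCE ID).eu-central-1.fortianalyzer.forticloud.com</log_upload_server>
</remote_logging></profile>"""

if __name__ == "__main__":
    for name, xml in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_remote_logging(xml) or "OK")
```

Pass the licensed instance's hostname as expected_server to also catch a wrong server address or region.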