FortiEDR
FortiEDR automates protection against advanced threats, pre- and post-execution, with real-time orchestrated incident response functionality.
ymasaki
Staff
Description

This article describes how to retrieve the collector logs for basic troubleshooting.

Scope

FortiEDR Collector.

Solution

If the collector is currently connected to FortiEDR Central Manager, the collector logs can be retrieved through the management console:

 

1) Go to INVENTORY -> Collectors.

2) Select the checkbox of the Collector.

3) Select Export -> Collector Logs.

4) Select 'Download'.

5) Unzip the collector log file with the password 'enCrypted'.

 


 

If the collector is disconnected from FortiEDR Central Manager, the logs can be collected on the local collector machine (Windows, macOS and Linux):

 

Windows.

  • Run the following command:

"C:\Program Files\Fortinet\FortiEDR\FortiEDRCollectorService.exe" --support


Gather the files from the following location: %TEMP%\program_data_archive_support.zip

 


 

macOS.

 

In Terminal, run the following command to collect the collector logs:

  • /Applications/FortiEDR.app/FortiEDRCollector --support

 

Linux.

 

The collector logs are located at:

  • "/opt/FortiEDRCollector/Logs"
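
The Linux section gives only the log directory, so the files still have to be packaged before they can be handed over. As an added example (not Fortinet tooling and not part of the original article), this shell function archives that directory with owner-only permissions and writes a SHA-256 checksum next to it; the function name, output directory and archive name are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Fortinet tooling: bundle FortiEDR Collector logs on Linux.
# Usage: collect_fortiedr_logs [log_dir] [out_dir]
# The default log_dir is the path given in the article; out_dir and the
# archive naming scheme are assumptions for this example.

collect_fortiedr_logs() {
    log_dir="${1:-/opt/FortiEDRCollector/Logs}"
    out_dir="${2:-/tmp}"

    # Fail early if the log directory is missing or unreadable.
    if [ ! -d "$log_dir" ] || [ ! -r "$log_dir" ]; then
        echo "error: cannot read $log_dir (try running as root)" >&2
        return 1
    fi
    # Refuse to produce an archive that would contain no log files.
    if [ -z "$(ls -A "$log_dir" 2>/dev/null)" ]; then
        echo "error: $log_dir is empty" >&2
        return 2
    fi

    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
    name="fortiedr_collector_logs_$(uname -n)_$stamp.tar.gz"
    archive="$out_dir/$name"

    # Endpoint logs can hold host and user details: create the archive
    # readable by its owner only, then restore the caller's umask.
    old_umask="$(umask)"
    umask 077
    if ! tar -czf "$archive" -C "$(dirname "$log_dir")" "$(basename "$log_dir")"; then
        umask "$old_umask"
        return 3
    fi

    # Record a SHA-256 so the recipient can confirm the archive arrived intact.
    ( cd "$out_dir" && sha256sum "$name" > "$name.sha256" ) || { umask "$old_umask"; return 4; }
    umask "$old_umask"

    # Print the archive path so callers can capture it.
    echo "$archive"
}
```

The recipient can verify the transfer with `sha256sum -c` against the `.sha256` file written beside the archive.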