Technical Tip: How to export FortiEDR Component lo...

FortiEDR

FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.

Article Id 341492

Description

This article describes how to export FortiEDR component logs for troubleshooting

Scope

FortiEDR On-Premise Manager, Aggregator, Core, Threat Hunting

Solution

To export logs of each FortiEDR component, follow steps below:

FortiEDR Manager logs:

Go to Inventory -> System Components -> Aggregators -> Show all Aggregators, select Aggregator -> Export -> System Logs. Note: System logs include manager and aggregator logs.

FortiEDR Aggregator logs:

Go to Inventory -> System Components -> Aggregators -> Show all Aggregators, select Aggregator -> Export -> Aggregator Logs.

FortiEDR Core Logs:

Go to Inventory -> System Components -> Core -> Show all Cores, select Core -> Export -> Core Logs.

If exporting component logs is not possible via FortiEDR console, SSH to the components and export logs locally following commands below:

FortiEDR Manager logs:

tar -cvf webapp_logs.tgz /opt/FortiEDR/webapp/logs/

tar -cvf nginx_logs.tgz /var/log/nginx/

FortiEDR Aggregator logs:

tar -cvf aggregator_logs.tgz /opt/FortiEDR/aggregator/tmp/
tar -cvf nginx_logs.tgz /var/log/nginx/

FortiEDR Core Logs:

tar -czvf core.log.tgz /opt/FortiEDR/core/Logs/

FortiEDR Threat Hunting Logs:

/opt/FortiEDR/deployments/latest/deployment/ci-tools/get_logs.sh

1020

Contributors

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: How to export FortiEDR Component logs

You are leaving our website