FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
jkoay
Staff
Article Id 341492
Description

This article describes how to export FortiEDR component logs for troubleshooting.

Scope

FortiEDR On-Premise Manager, Aggregator, Core, Threat Hunting
Solution

To export the logs of each FortiEDR component, follow the steps below:

FortiEDR Manager logs:

Go to Inventory -> System Components -> Aggregators -> Show all Aggregators, select the Aggregator -> Export -> System Logs.

Note: System logs include Manager and Aggregator logs.

FortiEDR Aggregator logs:

Go to Inventory -> System Components -> Aggregators -> Show all Aggregators, select the Aggregator -> Export -> Aggregator Logs.

FortiEDR Core logs:

Go to Inventory -> System Components -> Core -> Show all Cores, select the Core -> Export -> Core Logs.

If the component logs cannot be exported from the FortiEDR console, SSH to the component and export the logs locally with the commands below:

FortiEDR Manager logs:

tar -czvf webapp_logs.tgz /opt/FortiEDR/webapp/logs/

tar -czvf nginx_logs.tgz /var/log/nginx/

FortiEDR Aggregator logs:

tar -czvf aggregator_logs.tgz /opt/FortiEDR/aggregator/tmp/

tar -czvf nginx_logs.tgz /var/log/nginx/

FortiEDR Core logs:

tar -czvf core.log.tgz /opt/FortiEDR/core/Logs/

FortiEDR Threat Hunting logs:

/opt/FortiEDR/deployments/latest/deployment/ci-tools/get_logs.sh
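
The local collection steps for Manager, Aggregator and Core can be wrapped in one script that skips missing directories, reads each archive back, and writes a hash manifest. This is an added example, not Fortinet tooling: the directories are the ones listed in this article, while the function names, the optional ROOT and OUT arguments, and the SHA-256 manifest (GNU sha256sum assumed) are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not Fortinet tooling. Directories are the ones in the article;
# function names, ROOT/OUT arguments and the manifest file are assumptions.

# Print the log directories (relative to ROOT) listed for a component.
component_paths() {
  case "$1" in
    manager)    echo "opt/FortiEDR/webapp/logs var/log/nginx" ;;
    aggregator) echo "opt/FortiEDR/aggregator/tmp var/log/nginx" ;;
    core)       echo "opt/FortiEDR/core/Logs" ;;
    *)          return 1 ;;
  esac
}

# collect_logs COMPONENT [ROOT] [OUT]
# Returns 0 on success, 1 on tar/mkdir failure, 2 for an unknown component,
# 3 when none of the component's directories exist on this host.
collect_logs() {
  local component="$1" root="${2:-/}" out="${3:-.}"
  local paths dir archive count=0
  paths=$(component_paths "$component") || {
    echo "unknown component: $component" >&2
    return 2
  }
  mkdir -p "$out" || return 1
  for dir in $paths; do
    if [ ! -d "$root/$dir" ]; then
      echo "skip: $root/$dir not found" >&2
      continue
    fi
    archive="$out/${component}_$(echo "$dir" | tr '/' '_').tgz"
    # -z so the .tgz really is gzip-compressed; -C keeps member paths relative.
    tar -czf "$archive" -C "$root" "$dir" || return 1
    # Read the archive back so a truncated file is caught before it is sent.
    tar -tzf "$archive" >/dev/null || return 1
    count=$((count + 1))
  done
  [ "$count" -gt 0 ] || return 3
  # Hash manifest lets the recipient confirm the bundle arrived intact.
  ( cd "$out" && sha256sum "${component}"_*.tgz > "${component}_SHA256SUMS" )
}

# Usage on a component host: collect_logs core / /tmp/fortiedr_logs
```

Write OUT to a location outside the log directories being archived, and review the bundle for sensitive data before sending it off the host.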
