mturic
Staff
Article Id 198676
Description
This article gives an overview of default FSSO components, component file paths and registry keys locations.
Solution
FSSO consists of three components, depending on the layout.
Older documents and paths still refer to it as Fortinet Server Authentication Extension (FSAE).

1) FSSO Collector Agent - collects logon events of various types.
2) FSSO DCAgent - runs on a Domain Controller and pushes information to the Collector Agent.
3) FSSO TSAgent - runs on Terminal Servers and pushes user logons, which are distinguished by port ranges instead.

Each component has its own path and registry keys.

Collector Agent.


All files and logs are stored under C:\Program Files (x86)\Fortinet\FSAE.

 
Important files needed for troubleshooting include:

- collectoragent.log - main FSAE log file.
- logoncache.dat - logons caching file.
- groupcache.dat - group caching file.
- fortilog.txt - dcagent installation log.
- logon_event.log - logon event log, created when checking 'Log logon events in separate logs' from Collector Agent GUI.
- saved_config.txt - the configuration, when exported from the Collector Agent GUI.

All registry settings are stored under:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fortinet\FSAE\collectoragent].


DCAgent.

All registry settings are stored under [HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FSAE\dcagent].





The notable file is dcagent.dll, which is stored at C:\Windows\system32\dcagent.dll.
DCAgent logging is disabled by default.
It can be enabled by changing the 'enable_log' parameter under the DCAgent registry key from the default 0 to 1.

The 'log_file' parameter sets the path and filename of the DCAgent log file.
The default value is C:\Program Files\Fortinet\FSAE\dcagentlog.txt

TS Agent.




Its files are stored in the same directory as those of the Collector Agent:
C:\Program Files (x86)\Fortinet\FSAE.

The only notable file here is tsalog.log, which contains the log that is also viewable from the GUI.

All registry settings are stored under:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fortinet\FSAE\TSAgent].
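
The default locations listed above can be checked in one pass before troubleshooting. The PowerShell script below is an added example, not Fortinet code: it reports which of the documented files and registry keys exist on the local host and shows the DCAgent logging settings. The `-EnableDcAgentLog` switch is a hypothetical name introduced for this example, and the script assumes the default paths from this article.

```powershell
# Added example (not Fortinet code). Run in an elevated 64-bit PowerShell on the
# host that has the component; a 32-bit session is redirected to Wow6432Node/SysWOW64.
param([switch]$EnableDcAgentLog)  # hypothetical switch, introduced for this example

$fsaeDir = 'C:\Program Files (x86)\Fortinet\FSAE'
$regKeys = [ordered]@{
    CollectorAgent = 'HKLM:\SOFTWARE\Wow6432Node\Fortinet\FSAE\collectoragent'
    DCAgent        = 'HKLM:\SOFTWARE\Fortinet\FSAE\dcagent'
    TSAgent        = 'HKLM:\SOFTWARE\Wow6432Node\Fortinet\FSAE\TSAgent'
}
$files = @('collectoragent.log', 'logoncache.dat', 'groupcache.dat', 'fortilog.txt',
           'logon_event.log', 'saved_config.txt', 'tsalog.log' |
           ForEach-Object { Join-Path $fsaeDir $_ })
$files += 'C:\Windows\system32\dcagent.dll'

# One row per documented location: does it exist, and when was it last written?
$report = @(foreach ($name in $regKeys.Keys) {
    [pscustomobject]@{
        Item      = "$name registry key"
        Present   = (Test-Path -Path $regKeys[$name])
        LastWrite = $null
    }
})
$report += foreach ($f in $files) {
    $i = Get-Item -LiteralPath $f -ErrorAction SilentlyContinue
    [pscustomobject]@{ Item = $f; Present = [bool]$i; LastWrite = $i.LastWriteTime }
}
$report | Format-Table -AutoSize

# DCAgent logging: show the current settings, and change enable_log only on request.
$dc = $regKeys.DCAgent
if (Test-Path -Path $dc) {
    $p = Get-ItemProperty -Path $dc
    "DCAgent: enable_log=$($p.enable_log) log_file=$($p.log_file)"
    if ($EnableDcAgentLog -and $null -ne $p.enable_log -and "$($p.enable_log)" -ne '1') {
        # The article does not state the value's registry type, so reuse the existing one.
        $kind = (Get-Item -Path $dc).GetValueKind('enable_log')
        Set-ItemProperty -Path $dc -Name 'enable_log' -Value 1 -Type $kind
        "enable_log changed to 1 (type $kind)"
    }
}
```

Without the switch the script only reads; with `-EnableDcAgentLog` it writes the single 'enable_log' value described in the DCAgent section.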


