FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
obhansali
Staff
Article Id 412703
Description This article describes how to collect logs from FortiSOAR for troubleshooting and analysis purposes, using both the FortiSOAR GUI and the CLI.
Scope FortiSOAR.
Solution

Follow these steps to download FortiSOAR logs using the GUI:

  • Log in to FortiSOAR using the GUI: After logging in to FortiSOAR, navigate to the bottom-left corner of the interface and select the @ symbol. This opens a pop-up displaying version information for the Application Engine, Playbook Engine, and other components. The 'Download Logs' button appears at the bottom of this pop-up. Select it to begin downloading the logs.

 

  • Download Log Options: Upon selecting Download Logs, a dialog box will appear, offering to password-protect the downloaded logs. Choose one:
    • Select 'Yes' to apply a password, providing enhanced security for the downloaded logs.
    • Select 'No, download without password' to download the logs without encryption.

 


  • Save the Logs: Once the logs are downloaded, they will be in a compressed format. Save the downloaded log file to a secure location on the system for future reference or analysis.

 

Follow these steps to download FortiSOAR logs using CLI:

  • SSH to the FortiSOAR VM as the csadmin user: After logging in to the FortiSOAR CLI, run the command:

sudo csadm log --collect [PATH_TO_SAVE_FILE]

Replace [PATH_TO_SAVE_FILE] with the full file path where logs need to be saved. For example, the /tmp directory may be used.


Download the file from the FortiSOAR VM to the local machine:

Files can be transferred from the FortiSOAR system to a local Windows machine using secure file transfer tools such as WinSCP or FileZilla. This article focuses on WinSCP.
Download WinSCP from its official download page. Once downloaded, launch the application.

In the Login window, enter the following details:
File Protocol: SFTP
Host name: FortiSOAR IP or hostname
Port number: default is 22
Username: csadmin
Password: Password for csadmin account


Select Login.
If this is the first time connecting with WinSCP, a prompt will appear to accept the server's SSH host key: select Yes.

In the right panel (FortiSOAR side), browse to the folder path where the file has been saved.
Once the file is located, right-click the file -> Download -> choose destination -> OK.

Once the file is downloaded, use it for future reference or analysis.
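
The CLI collection step above, as an added example that is not from the original article or from Fortinet: it runs the article's `csadm log --collect` command into a private (mode 0700) directory rather than a shared one, and records a SHA-256 checksum so the archive can be checked after it is transferred. The helper names and the `fsr-logs.` directory prefix are hypothetical, and the script assumes the newest file in that directory is the collected archive and that csadmin can read it.

```shell
#!/bin/sh
# Added example (not Fortinet code). Helper names are hypothetical.
set -e

# Create a fresh directory under $1 (default /tmp). mktemp -d creates it with
# mode 0700, so other local accounts cannot read the collected logs.
make_private_dir() (
    base="${1:-/tmp}"
    mktemp -d "${base%/}/fsr-logs.XXXXXX"
)

# Print the most recently modified regular file in directory $1.
newest_file() (
    newest=""
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest="$f"; fi
    done
    [ -n "$newest" ] || exit 1   # subshell body: exit only leaves this function
    printf '%s\n' "$newest"
)

# Write <file>.sha256 beside the file, using a relative name so the checksum
# file still verifies after both are copied elsewhere. Prints the checksum path.
record_checksum() (
    cd "$(dirname "$1")"
    name="$(basename "$1")"
    sha256sum "$name" > "$name.sha256"
    printf '%s\n' "$1.sha256"
)

# Return 0 only if the file named in checksum file $1 is unchanged.
verify_checksum() (
    cd "$(dirname "$1")"
    sha256sum -c "$(basename "$1")" >/dev/null 2>&1
)

# Run the article's command into a private directory; print the archive path.
# Assumption: the newest file in the directory is the collected archive.
collect_logs() (
    dir="$(make_private_dir "${1:-/tmp}")"
    sudo csadm log --collect "$dir" >&2
    archive="$(newest_file "$dir")"
    record_checksum "$archive" >/dev/null
    printf '%s\n' "$archive"
)

# Usage on the FortiSOAR VM: sh collect.sh collect
if [ "${1:-}" = "collect" ]; then collect_logs; fi
```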