Hi @ all,
we have a Customer running FortiClients on their Endpoints and using an EMS-Server (v7.2.4 build 0983),
in the GUI section, Administration > Log Viewer, i can only see EMS-Server generated Events,
LDAP queries, admin logon Events, Settings updated etc., but no "on Endpoint x generated FCT Logs", like Security Events, FCT Web Filter block events as example.
Correct me please if i wanna see this events "FCT WebFilter" i have to go GUI: Endpoints > all Endpoints > search for Endpoint which got issues > execute >Action request FortiClient Logs, then search in the fclog.dat for the related log?
I was wondering because in the GUI Section Quarantine Managment > Files, in this Tab are Files and Endpoint listed, so the FortiClient forward this information via FortiTelemetry to the EMS-Server, triggered by scheduled AV-Scan or may on-prem Scan.
So is there the possibility to see this FCT-WF "Block" Events without the need of this Steps:
GUI: Endpoints > all Endpoints > search for Endpoint which got issues > execute >Action request FortiClient Logs
Thanks
me and my other selves <3 Fortinet
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 05-23-2024 07:37 AM Edited on 05-23-2024 07:39 AM
Hello @FortiTowel ,
I think, if you use the Security Fabric Adom type on FortiAnalyzer, you don't need to create a new Adom. It depends on your configuration. But I can be wrong. First, you can try without creating adom if it not working that way you can create a new adom for FortiClient.
As far as I know, you can't achieve this with security fabric. You need to create a firewall policy so clients can able to send their logs to FortiAnalyzer.
Hello @FortiTowel ,
If you have a FortiAnalyzer, you can send client logs to FortiAnalyzer. Otherwise, there is no option on EMS, every time you need to follow the path as you said.
You can review this document about how to integrate FortiClient and FortiAnalyzer for web filter logs.
Hello Mr. Ozkanalatas,
wow that was super fast Answer.
Okay so i have to realize it with ADOMs, okay.
Yeah the Customer has a FAZ and multiple FGT, running Forti-Sec-Fabric,
Hmm do i realy need seperate ADOMs, like in the Link you shared with me,
is there no option do it via Fabric, because, so i need to create on FGT, FW-Policy, in all Policies, where are FCT-Endpoints Integrated, FCT-integrated-Subnet > FAZ Subnet Port 514 Service FortiTelemetry allow?
Thank you, wish you a nice day!
Created on 05-23-2024 07:37 AM Edited on 05-23-2024 07:39 AM
Hello @FortiTowel ,
I think, if you use the Security Fabric Adom type on FortiAnalyzer, you don't need to create a new Adom. It depends on your configuration. But I can be wrong. First, you can try without creating adom if it not working that way you can create a new adom for FortiClient.
As far as I know, you can't achieve this with security fabric. You need to create a firewall policy so clients can able to send their logs to FortiAnalyzer.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1088 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.