t-admin
New Contributor

FortiAnalyzer Installed EMS features report returning blank fields for several endpoints

Environment Context:

FortiClient EMS Cloud (7.0.6) -> FortiAnalyzer VM hosted (7.0.4)

 

I am trying to extract a report showing a breakdown of all our EMS endpoints, along with their installed and enabled features (av, fw, vuln, etc).

 

This is proving to be really difficult, but using the log viewer as a starting point, I get this query:

 

select `uid`,
  string_agg(distinct `user`, ' ') as user__agg_,
  string_agg(distinct `hostname`, ' ') as hostname__agg_,
  string_agg(distinct `epenfeatures`, ' ') as epenfeatures__agg_,
  string_agg(distinct `epfeatures`, ' ') as epfeatures__agg_
from ###(
  select `uid`, `user`, `hostname`, `epenfeatures`, `epfeatures`
  from $log
  where $filter
  group by `uid`, `user`, `hostname`, `epenfeatures`, `epfeatures`
  order by `uid` desc
)### t
group by `uid`
order by `uid` desc

 

The problem I'm currently having is that many of these fields (especially 'epenfeatures') are returning empty for most endpoints, when I can clearly see that data in FortiClient EMS Cloud.

Anthony_E
Community Manager

Hello t-admin,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

 

We are still looking for a solution to your question.

We will come back to you as soon as we have it.

 

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

 

I have found this document:

 

https://docs.fortinet.com/document/forticlient/7.0.4/ems-administration-guide/918808/sending-endpoin...

 

Could you please tell me if you can find helpful information?

 

Regards,

Anthony-Fortinet Community Team.
t-admin

Hi @Anthony_E, thanks for the link.

 

I have already tried using tags as shown in that document, and by using zero trust tags, but there are no rules for getting the installed features, and custom tags would mean manually tagging every endpoint.

 

Anthony_E
Community Manager

Hello t-admin,

 

No problem at all.

We will continue to look for a solution.

 

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello t-admin,

 

I am still looking for a solution.

 

Meanwhile, did you try to upgrade your units with the last version?

 

Regards,

Anthony-Fortinet Community Team.