We're using Forticlient EMS and in our new profile I've setup the Web Filtering. Now I also actived the Log all URLS and Log all user initiated traffic.
But somehow I can't find the log files of that part. I can see logs by going to View and then View logs. But I went to a blocked site on a client and I cant find the traffic/event in those logs. The logs are setup from info to emergency.
Are these logs only client based or am I just looking at the wrong part of EMS?
Those options are related to the integration between EMS and FortiAnalyzer as a repository for FortiClient traffic. Changes in there will affect traffic on FortiView options for endpoints on FortiAnalyzer (see attached). As for now, EMS cannot store client logs (its not a log repository, as the Analyzer), only its own server events (View Logs option). As for the client, it can only view violations of the WebFilter sensors. It also cannot store traffics logs.
To configure log submission to FortiAnalyzer, go to the Endpoint profile - System Settings - Log Settings.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.