Created on 05-10-2019 05:49 AM Edited on 12-02-2024 04:39 AM By Anthony_E
Description
This article describes how to integrate EMS and FortiClient in the FortiAnalyzer so that it can centralize logging.
Scope
FortiAnalyzer.
Solution
Verify the compatibility of the EMS server and FortiClient with the FortiAnalyzer. This can be found on the FortiClient release note, on the EMS release note and on the FortiAnalyzer release note.
Note:
The new Fabric ADOM can also be used since FortiAnalyzer 6.2 to receive logs from the FortiClient stations.
Configure the https-logging from FortiAnalyzer via CLI:
port1)# show
config system interface
edit "port1"
set ip 10.47.3.65 255.255.240.0
set allowaccess ping ssh https https-logging
next
end
Connect the FortiClient to the EMS server as follows:
Check that the EMS detects the client.
Enable Antivirus detection or Web Filter to generate logs from the FortiClient as follows:
Push the new updated profile.
Go on the FortiClient and generate logs using a web browser or EICAR virus detection. Navigate here from the FortiClient station to download EICAR virus detection.
Related articles:
Technical Tip: Control logging from FortiClient EMS to FortiAnalyzer
DOCS: Configuring log storage policy
Technical Tip: How to make multitenancy visible from FortiAnalyzer
Technical Tip: How to run a FortiClient Endpoint Antivirus scanning using FortiSoC Playbook
Technical Tip: How to determine the failed status from FortiSoC Playbook monitor
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.