FortiClient user avatar
FortiClient user avatars are included in logs sent to FortiAnalyzer. Where you can view FortiClient logs and avatars in FortiAnalyzer depends on the version of FortiClient and whether FortiClient Telemetry connects to FortiGate or to FortiClient Endpoint Management Server (EMS):
- When FortiClient Telemetry connects to FortiGate, FortiClient sends logs (including avatars) to FortiGate, and the logs display in FortiAnalyzer under the FortiGate device as a sub-type of security.
The avatar is synchronized from FortiGate to FortiAnalyzer by using the FortiOS REST API.
-
When FortiClient Telemetry connects to FortiClient EMS, FortiClient sends logs (including avatars) directly to FortiAnalyzer, and logs display in a FortiClient ADOM.
The following table summarizes where FortiClient versions can establish Telemetry connections:
FortiClient Version |
Where FortiClient Telemetry Connects |
Location of Logs in FortiAnalyzer |
---|---|---|
FortiClient 6.0.x and earlier
|
FortiGate |
Under the FortiGate device as a sub-type of security |
FortiClient EMS |
In a FortiClient ADOM |
|
FortiClient 6.2.x and later | FortiClient Telemetry can connect only to FortiClient EMS | In a FortiClient ADOM |
Enabling logging from FortiClient to FortiAnalyzer
FortiClient 6.0.x and 6.2.x can send logs directly to FortiAnalyzer when FortiClient Telemetry connects to FortiClient EMS, and logging to FortiAnalyzer is enabled in FortiClient EMS.
This section provided a high-level overview of how to configure FortiClient to send logs directly to FortiAnalyzer. With this configuration, FortiClient logs are displayed in the FortiClient ADOM in FortiAnalyzer.
To enable logging from FortiClient to FortiAnalyzer:
- Install FortiClient on endpoints.
- Install FortiClient EMS on a Windows server.
- In FortiClient, connect Telemetry to FortiClient EMS.
- In FortiClient EMS, edit a profile to enable Upload Logs to FortiAnalyzer/FortiManager and the associated settings, and ensure the profile is assigned to the endpoints.
FortiClient automatically receives the profile from FortiClient EMS, and the profile updates FortiClient settings on the endpoint. FortiClient now sends logs to FortiAnalyzer.
- In FortiClient, go to Settings to view the settings in the Logging section.
You can also view the settings in the FortiClient configuration file:
- On the FortiClient endpoint, you can force FortiClient to resend avatar metadata to FortiAnalyzer by ending the FortiTray.exe service.