Fortinet Document Library

Version:


Table of Contents

Cookbook

6.2.0
Download PDF
Copy Link

FortiClient user avatar

FortiClient user avatars are included in logs sent to FortiAnalyzer. Where you can view FortiClient logs and avatars in FortiAnalyzer depends on the version of FortiClient and whether FortiClient Telemetry connects to FortiGate or to FortiClient Endpoint Management Server (EMS):

  • When FortiClient Telemetry connects to FortiGate, FortiClient sends logs (including avatars) to FortiGate, and the logs display in FortiAnalyzer under the FortiGate device as a sub-type of security.

    The avatar is synchronized from FortiGate to FortiAnalyzer by using the FortiOS REST API.

  • When FortiClient Telemetry connects to FortiClient EMS, FortiClient sends logs (including avatars) directly to FortiAnalyzer, and logs display in a FortiClient ADOM.

The following table summarizes where FortiClient versions can establish Telemetry connections:

FortiClient Version

Where FortiClient Telemetry Connects

Location of Logs in FortiAnalyzer

FortiClient 6.0.x and earlier

 

FortiGate

Under the FortiGate device as a sub-type of security

FortiClient EMS

In a FortiClient ADOM

FortiClient 6.2.x and later FortiClient Telemetry can connect only to FortiClient EMS In a FortiClient ADOM

Enabling logging from FortiClient to FortiAnalyzer

FortiClient 6.0.x and 6.2.x can send logs directly to FortiAnalyzer when FortiClient Telemetry connects to FortiClient EMS, and logging to FortiAnalyzer is enabled in FortiClient EMS.

This section provided a high-level overview of how to configure FortiClient to send logs directly to FortiAnalyzer. With this configuration, FortiClient logs are displayed in the FortiClient ADOM in FortiAnalyzer.

To enable logging from FortiClient to FortiAnalyzer:
  1. Install FortiClient on endpoints.
  2. Install FortiClient EMS on a Windows server.
  3. In FortiClient, connect Telemetry to FortiClient EMS.

  4. In FortiClient EMS, edit a profile to enable Upload Logs to FortiAnalyzer/FortiManager and the associated settings, and ensure the profile is assigned to the endpoints.

    FortiClient automatically receives the profile from FortiClient EMS, and the profile updates FortiClient settings on the endpoint. FortiClient now sends logs to FortiAnalyzer.

  5. In FortiClient, go to Settings to view the settings in the Logging section.

    You can also view the settings in the FortiClient configuration file:

  6. On the FortiClient endpoint, you can force FortiClient to resend avatar metadata to FortiAnalyzer by ending the FortiTray.exe service.

FortiClient user avatar

FortiClient user avatars are included in logs sent to FortiAnalyzer. Where you can view FortiClient logs and avatars in FortiAnalyzer depends on the version of FortiClient and whether FortiClient Telemetry connects to FortiGate or to FortiClient Endpoint Management Server (EMS):

  • When FortiClient Telemetry connects to FortiGate, FortiClient sends logs (including avatars) to FortiGate, and the logs display in FortiAnalyzer under the FortiGate device as a sub-type of security.

    The avatar is synchronized from FortiGate to FortiAnalyzer by using the FortiOS REST API.

  • When FortiClient Telemetry connects to FortiClient EMS, FortiClient sends logs (including avatars) directly to FortiAnalyzer, and logs display in a FortiClient ADOM.

The following table summarizes where FortiClient versions can establish Telemetry connections:

FortiClient Version

Where FortiClient Telemetry Connects

Location of Logs in FortiAnalyzer

FortiClient 6.0.x and earlier

 

FortiGate

Under the FortiGate device as a sub-type of security

FortiClient EMS

In a FortiClient ADOM

FortiClient 6.2.x and later FortiClient Telemetry can connect only to FortiClient EMS In a FortiClient ADOM

Enabling logging from FortiClient to FortiAnalyzer

FortiClient 6.0.x and 6.2.x can send logs directly to FortiAnalyzer when FortiClient Telemetry connects to FortiClient EMS, and logging to FortiAnalyzer is enabled in FortiClient EMS.

This section provided a high-level overview of how to configure FortiClient to send logs directly to FortiAnalyzer. With this configuration, FortiClient logs are displayed in the FortiClient ADOM in FortiAnalyzer.

To enable logging from FortiClient to FortiAnalyzer:
  1. Install FortiClient on endpoints.
  2. Install FortiClient EMS on a Windows server.
  3. In FortiClient, connect Telemetry to FortiClient EMS.

  4. In FortiClient EMS, edit a profile to enable Upload Logs to FortiAnalyzer/FortiManager and the associated settings, and ensure the profile is assigned to the endpoints.

    FortiClient automatically receives the profile from FortiClient EMS, and the profile updates FortiClient settings on the endpoint. FortiClient now sends logs to FortiAnalyzer.

  5. In FortiClient, go to Settings to view the settings in the Logging section.

    You can also view the settings in the FortiClient configuration file:

  6. On the FortiClient endpoint, you can force FortiClient to resend avatar metadata to FortiAnalyzer by ending the FortiTray.exe service.