Sending logs and software inventory reports to FortiAnalyzer or FortiManager
Sending logs and software inventory reports to FortiAnalyzer or FortiManager requires the following:
- FortiClient
- EMS
- FortiAnalyzer or FortiManager
When FortiClient connects Telemetry to EMS, the endpoint can upload logs and software inventory reports to FortiAnalyzer or FortiManager units on port 514 TCP.
Where you locate FortiClient logs and software inventory reports in FortiAnalyzer depends on where FortiClient Telemetry is connected:
- When FortiClient connects Telemetry to EMS, the FortiClient logs and software inventory reports display in the FortiClient ADOM in FortiAnalyzer. This scenario does not use FortiGate.
- When FortiClient connects Telemetry to FortiGate, the FortiClient logs and software inventory reports display in the FortiGate ADOM. Even if EMS is used with FortiGate to manage FortiClient endpoints, the FortiClient logs and software inventory reports still display in the FortiGate ADOM.
FortiClient collects information on regular software installed on the endpoint and sends the information to EMS and FortiAnalyzer. FortiClient sends the Software Inventory information when it first registers to EMS and when it first sends data to FortiAnalyzer. If software changes occur on the endpoint, such as installing new software, updating existing software, or removing existing software, FortiClient sends an updated inventory to EMS and FortiAnalyzer.
FortiClient Telemetry must connect to EMS for FortiClient to upload logs and software inventory reports to FortiAnalyzer or FortiManager. |