Fortinet white logo
Fortinet white logo

EMS Administration Guide

Configuring Logs settings

Configuring Logs settings

You can specify what level of log messages to capture in the logs for FortiClient EMS. You can also specify when to automatically delete logs and alerts.

To configure Logs settings:
  1. Go to System Settings > Logs.
  2. Configure the following options:

    Log level

    Select the level of messages to include in FortiClient EMS logs. For example, if you select Info, all log messages from Info to Emergency are added to the FortiClient EMS logs.

    Automatically clear logs older than

    Enter the number of days that you want to store logs. For example, if you enter 30, EMS stores logs for 30 days. EMS automatically deletes any logs older than 30 days.

    Automatically clear alerts older than

    Enter the number of days that you want to keep alerts. For example, if you enter 30, EMS keeps alerts for 30 days. EMS automatically deletes any alerts older than 30 days.

    Automatically clear events older than

    Enter the number of days that you want to keep events. For example, if you enter 30, EMS keeps events for 30 days. EMS automatically deletes any events older than 30 days.

    Automatically clear Chromebook events older than

    Enter the number of days that you want to keep Chromebook events. For example, if you enter 30, EMS keeps Chromebook events for 30 days. EMS automatically deletes any Chromebook events older than 30 days.

    Clear all now

    Click to immediately delete all FortiClient EMS logs or alerts.

    Send system log messages externally

    Select one of the following:

    • Disabled: FortiClient EMS does not send system log messages to an external server.
    • FortiAnalyzer: configure a FortiAnalyzer for FortiClient EMS to send system log messages to by entering the desired FortiAnalyzer address, port, and data protocol. See Incoming ports and Sending EMS system log messages to FortiAnalyzer.
    • SysLog: configure a syslog server for FortiClient EMS to send system log messages to by entering the desired syslog server address, port, and data protocol.

    When you have configured a FortiAnalyzer or syslog server for this option, EMS sends system log messages for the following events. This list is not exhaustive:

    • When FortiClient status changes to online
    • When EMS considers the FortiClient status as offline
    • When FortiClient reports a change in its IP address

    System log messages include information regarding date, time, hostname, device IP and MAC addresses, event time, operational system, message (online/offline/IP-changed, and so on), policy name, EMS name, and EMS serial number.

  3. Click Save.

Configuring Logs settings

Configuring Logs settings

You can specify what level of log messages to capture in the logs for FortiClient EMS. You can also specify when to automatically delete logs and alerts.

To configure Logs settings:
  1. Go to System Settings > Logs.
  2. Configure the following options:

    Log level

    Select the level of messages to include in FortiClient EMS logs. For example, if you select Info, all log messages from Info to Emergency are added to the FortiClient EMS logs.

    Automatically clear logs older than

    Enter the number of days that you want to store logs. For example, if you enter 30, EMS stores logs for 30 days. EMS automatically deletes any logs older than 30 days.

    Automatically clear alerts older than

    Enter the number of days that you want to keep alerts. For example, if you enter 30, EMS keeps alerts for 30 days. EMS automatically deletes any alerts older than 30 days.

    Automatically clear events older than

    Enter the number of days that you want to keep events. For example, if you enter 30, EMS keeps events for 30 days. EMS automatically deletes any events older than 30 days.

    Automatically clear Chromebook events older than

    Enter the number of days that you want to keep Chromebook events. For example, if you enter 30, EMS keeps Chromebook events for 30 days. EMS automatically deletes any Chromebook events older than 30 days.

    Clear all now

    Click to immediately delete all FortiClient EMS logs or alerts.

    Send system log messages externally

    Select one of the following:

    • Disabled: FortiClient EMS does not send system log messages to an external server.
    • FortiAnalyzer: configure a FortiAnalyzer for FortiClient EMS to send system log messages to by entering the desired FortiAnalyzer address, port, and data protocol. See Incoming ports and Sending EMS system log messages to FortiAnalyzer.
    • SysLog: configure a syslog server for FortiClient EMS to send system log messages to by entering the desired syslog server address, port, and data protocol.

    When you have configured a FortiAnalyzer or syslog server for this option, EMS sends system log messages for the following events. This list is not exhaustive:

    • When FortiClient status changes to online
    • When EMS considers the FortiClient status as offline
    • When FortiClient reports a change in its IP address

    System log messages include information regarding date, time, hostname, device IP and MAC addresses, event time, operational system, message (online/offline/IP-changed, and so on), policy name, EMS name, and EMS serial number.

  3. Click Save.