
EMS Administration Guide

Appendix B - CLI commands


An EMS CLI tool, /opt/forticlientems/bin/emscli, is available. The following summarizes the CLI commands available for EMS:

Making configuration changes

You can make EMS configuration changes, such as enabling and disabling remote HTTPS access to EMS, through emscli. You can access usage information by using the following commands:

/opt/forticlientems/bin/emscli config set console -h
Sets auto upgrade specific configuration
 
Usage:
  emscli config set console [flags]
 
Flags:
      --allowed.hosts string    Comma separated list, with not spaces of allowed hosts to refer to the console with
      --disable.remote.access   Disables remote https access to the EMS console
      --enable.remote.access    Enables remote https access to the EMS console
      --fileserver.port int     New fileserver port for the EMS console. By default it uses port 10443
  -h, --help                    help for console
      --http.port int           New http port for the EMS console. By default it uses port 80
      --https.port int          New https port for the EMS console. By default it uses port 443
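
The `--allowed.hosts` flag above takes a comma-separated list with no spaces, so operator input is worth normalising before it reaches `emscli`. The following is an added example, not part of the original guide or Fortinet's code: the function names are hypothetical, the hostnames are constructed, and the restriction to plain hostnames and IPv4 literals is this example's assumption rather than a documented rule of the flag.

```shell
#!/bin/sh
# Added example: build a clean --allowed.hosts value for
# `emscli config set console` and print the command for review.
EMSCLI=/opt/forticlientems/bin/emscli

# normalize_allowed_hosts "host1, host2 ,host3"
# Prints the cleaned list; returns 1 on an empty or malformed entry.
normalize_allowed_hosts() {
    # The flag wants no spaces, so strip all whitespace first.
    raw=$(printf '%s' "$1" | tr -d '[:space:]')
    [ -n "$raw" ] || return 1
    case "$raw" in
        *[!A-Za-z0-9.,-]*) return 1 ;;   # schemes, ports, paths, wildcards
        ,*|*,|*,,*)        return 1 ;;   # empty list element
    esac
    old_ifs=$IFS; IFS=,
    set -- $raw                          # split on commas only
    IFS=$old_ifs
    out=""
    for h in "$@"; do
        case "$h" in
            -*|.*|*.|*..*) return 1 ;;   # malformed host label
        esac
        h=$(printf '%s' "$h" | tr 'A-Z' 'a-z')
        case ",$out," in
            *",$h,"*) ;;                 # drop duplicates
            *) out="${out:+$out,}$h" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Prints the emscli invocation instead of running it, so the exact
# change can be reviewed before it is applied on the EMS server.
console_allowed_hosts_cmd() {
    hosts=$(normalize_allowed_hosts "$1") || return 1
    printf '%s config set console --allowed.hosts %s\n' "$EMSCLI" "$hosts"
}

# Constructed sample input: stray spaces, mixed case and a duplicate.
console_allowed_hosts_cmd "ems.example.com, EMS-2.example.com ,ems.example.com"
```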

You can also make configuration changes to the EMS database. You can access usage information by using the following commands:

/opt/forticlientems/bin/emscli config set db -h
Sets the DB config from the specified flags
 
Usage:
  emscli config set db [flags]
 
Flags:
      --db.host string       new DB host to set the application config to
      --db.password string   new DB password to set the application config to
      --db.port string       new DB port to set the application config to
      --db.user string       new DB user to set the application config to
  -h, --help                 help for db

Managing services

You can check, start, and restart EMS services. You can also enable and disable debugging for specific services and follow logs. You may find these options helpful for troubleshooting. You can access usage information by using the following commands:

/opt/forticlientems/bin/emscli service -h
service operations (get|start|stop|restart)
 
Usage:
  emscli service [command]
 
Available Commands:
  disable-debug disables debug logging for service or services
  enable-debug  enables debug logging for service or services
  get           returns information about a service or services
  log           prints and follows the latest log for a service or services
  restart       restarts a service or services
  start         starts a service or services
  stop          stops a service or services

To stop a specific service (fcems_monitor in this example), you can enter /opt/forticlientems/bin/emscli service stop fcems_monitor.

Accessing the database

You can access the EMS database(s). You can access usage information by using the following commands:

/opt/forticlientems/bin/emscli db -h
Command used to access the EMS DB using psql and be able to run queries. If a query is provided in the command line, that query will be executed and psql will exit.
 
Usage:
  emscli db [flags]
 
Flags:
      --db string      The database to connect to (default "fcm_default")
  -h, --help           help for db
      --query string   The query to execute on the database

For example, to access an EMS database named DB1, enter /opt/forticlientems/bin/emscli db --db DB1.

Obtaining data from the DAS cache

You can obtain data from the DAS cache. You can access usage information by using the following commands:

/opt/forticlientems/bin/emscli cache -h
returns data from the DAS cache
 
Usage:
  emscli cache [command]
 
Available Commands:
  get         returns data from the DAS cache. Flags are mandatory

/opt/forticlientems/bin/emscli cache get -h
returns data from the DAS cache. Flags are mandatory
 
Usage:
  emscli cache get [flags]
 
Flags:
      --db string      The DB name. It must be prefixed with fcm_ for vdom dbs.
      --format         Prints the response json in pretty format.
  -h, --help           help for get
      --id string      The ID of the object to retrieve from the DAS cache
      --model string   The name of the das model to query. Options are: generic, fct, users, devices

Diagnosing endpoints

You can diagnose endpoints to obtain endpoint data. You can access usage information by using the following commands:

/opt/forticlientems/bin/emscli diag -h
Command used to diagnose
 
Usage:
  emscli diag [command]
 
Available Commands:
  endpoint    Shows details for an endpoint to help with troubleshooting

/opt/forticlientems/bin/emscli diag endpoint -h
Shows details for an endpoint to help with troubleshooting
 
Usage:
  emscli diag endpoint [flags]
 
Flags:
      --dev-only      Return only device data
      --fct-only      Return only fct & fct user data
      --full          Return all device, FCT and FCT user data
  -h, --help          help for endpoint
      --id string     The id for the endpoint. Can be a host name or the endpoint UUID
      --logs          Includes the latest log entries for the endpoint/device
      --site string   If using multitenancy, the name of the site. (default "default")

For example, to retrieve all device, FortiClient, and FortiClient user data for an endpoint with ID EXAMPLEID, enter /opt/forticlientems/bin/emscli diag endpoint --id EXAMPLEID --full.
