Sending logs to FortiAnalyzer or FortiManager
The following products are required for an administrator to configure FortiClient in managed mode to send logs to FortiAnalyzer or FortiManager:
- FortiClient
- FortiGate or EMS
- FortiAnalyzer or FortiManager
When FortiClient connects Telemetry to FortiGate or EMS, the endpoint can upload logs to FortiAnalyzer or FortiManager units on port 514 TCP.
Where you locate FortiClient logs in FortiAnalyzer depends on where FortiClient Telemetry is connected:
- When FortiClient connects Telemetry to EMS, the FortiClient logs display in the FortiClient ADOM in FortiAnalyzer. In this scenario FortiGate is not used.
- When FortiClient connects Telemetry to FortiGate, the FortiClient logs display in the FortiGate ADOM. Even if EMS is used with FortiGate to manage FortiClient endpoints, the FortiClient logs still display in the FortiGate ADOM.
FortiClient Telemetry must connect to FortiGate or EMS for FortiClient to upload logs to FortiAnalyzer or FortiManager. |