Fortinet black logo

Administration Guide

Sending logs and software inventory reports to FortiAnalyzer or FortiManager

Sending logs and software inventory reports to FortiAnalyzer or FortiManager

The following products are required for an administrator to configure FortiClient to send logs and software inventory reports to FortiAnalyzer or FortiManager:

  • FortiClient
  • EMS
  • FortiAnalyzer or FortiManager

When FortiClient connects Telemetry to EMS, the endpoint can upload logs and software inventory reports to FortiAnalyzer or FortiManager units on port 514 TCP.

Where you locate FortiClient logs and software inventory reports in FortiAnalyzer depends on where FortiClient Telemetry is connected:

  • When FortiClient connects Telemetry to EMS, the FortiClient logs and software inventory reports display in the FortiClient ADOM in FortiAnalyzer. In this scenario FortiGate is not used.
  • When FortiClient connects Telemetry to FortiGate, the FortiClient logs and software inventory reports display in the FortiGate ADOM. Even if EMS is used with FortiGate to manage FortiClient endpoints, the FortiClient logs and software inventory reports still display in the FortiGate ADOM.

FortiClient collects information on regular software installed on the endpoint and sends the information to EMS and FortiAnalyzer. FortiClient sends the Software Inventory information when it first registers to EMS and when it first sends data to FortiAnalyzer. If software changes occur on the endpoint, such as installing new software, updating existing software, or removing existing software, FortiClient sends an updated inventory to EMS and FortiAnalyzer.

FortiClient Telemetry must connect to EMS for FortiClient to upload logs and software inventory reports to FortiAnalyzer or FortiManager.

Sending logs and software inventory reports to FortiAnalyzer or FortiManager

The following products are required for an administrator to configure FortiClient to send logs and software inventory reports to FortiAnalyzer or FortiManager:

  • FortiClient
  • EMS
  • FortiAnalyzer or FortiManager

When FortiClient connects Telemetry to EMS, the endpoint can upload logs and software inventory reports to FortiAnalyzer or FortiManager units on port 514 TCP.

Where you locate FortiClient logs and software inventory reports in FortiAnalyzer depends on where FortiClient Telemetry is connected:

  • When FortiClient connects Telemetry to EMS, the FortiClient logs and software inventory reports display in the FortiClient ADOM in FortiAnalyzer. In this scenario FortiGate is not used.
  • When FortiClient connects Telemetry to FortiGate, the FortiClient logs and software inventory reports display in the FortiGate ADOM. Even if EMS is used with FortiGate to manage FortiClient endpoints, the FortiClient logs and software inventory reports still display in the FortiGate ADOM.

FortiClient collects information on regular software installed on the endpoint and sends the information to EMS and FortiAnalyzer. FortiClient sends the Software Inventory information when it first registers to EMS and when it first sends data to FortiAnalyzer. If software changes occur on the endpoint, such as installing new software, updating existing software, or removing existing software, FortiClient sends an updated inventory to EMS and FortiAnalyzer.

FortiClient Telemetry must connect to EMS for FortiClient to upload logs and software inventory reports to FortiAnalyzer or FortiManager.