Fortinet black logo

New Features

Home FortiClient 6.4.0 New Features

Collecting and sending macOS host events to FortiAnalyzer 6.4.1

6.4.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID 0649062b-898a-11ea-9384-00505692583a:571735
Download PDF

Collecting and sending macOS host events to FortiAnalyzer 6.4.1

To support lite SIEM functionality for the Fabric environment, as the Fabric Agent, FortiClient (macOS) collects and sends endpoint host logs (/var/log/system.log) to FortiAnalyzer for analysis.

In this configuration, a FortiClient (macOS) endpoint is registered to EMS. FortiAnalyzer has authorized this EMS for log submission. FortiClient (macOS) uploads logs to the FortiAnalyzer as the EMS profile specifies.

To configure this feature in EMS:
  1. In EMS, go to Endpoint Profiles > Manage Profiles.
  2. Select the desired profile.
  3. On the System Settings tab, enable Upload Logs to FortiAnalyzer/FortiManager.
  4. Enable Send OS Events.
  5. In the IP Address/Hostname field, enter the FortiAnalyzer IP address.
  6. Click Save.

The following shows how these logs display in FortiAnalyzer.

Previous
Next

Collecting and sending macOS host events to FortiAnalyzer 6.4.1

To support lite SIEM functionality for the Fabric environment, as the Fabric Agent, FortiClient (macOS) collects and sends endpoint host logs (/var/log/system.log) to FortiAnalyzer for analysis.

In this configuration, a FortiClient (macOS) endpoint is registered to EMS. FortiAnalyzer has authorized this EMS for log submission. FortiClient (macOS) uploads logs to the FortiAnalyzer as the EMS profile specifies.

To configure this feature in EMS:
  1. In EMS, go to Endpoint Profiles > Manage Profiles.
  2. Select the desired profile.
  3. On the System Settings tab, enable Upload Logs to FortiAnalyzer/FortiManager.
  4. Enable Send OS Events.
  5. In the IP Address/Hostname field, enter the FortiAnalyzer IP address.
  6. Click Save.

The following shows how these logs display in FortiAnalyzer.

Previous
Next