Problem
Where do i find Log files of the FortiClient in Windows ?
Solution
You may find some of the Log files directly on the Endpoint,
or you may request the Logs of the Client through FortiEMS.
Logs files may be found directly on the Windows Endpoint here:
C:\Program Files\Fortinet\FortiClient\logs
If you would like to download debug logs from the Endpoint through FortiEMS I’ve already written a guide how to do that:
https://www.c3it.net/fortiems-forticlient-retrieve-debug-logs/
If you would like to enable debug logs on the FortiClient through the EMS Server this KB might be helpful:
Further details
Here’s a short list of helpful Log files and where to find them
| What’s inside | Filepath in diag log (requested through EMS) https://www.c3it.net/fortiems-forticlient-retrieve-debug-logs/ | Directly on the Client | Notes |
| FortiClient to FortiEMS Sync Log EMS Certificate check Status Tag informations Installer Download info | FCDiagData\general\logs\trace\FortiESNAC_1.log | C:\Program Files\Fortinet\FortiClient\logs\trace\FortiESNAC_1.log | IP addresses transmitted to FortiEMS System informations, like Domain, IP MAC .. Transmitted to EMS |
| AV LOG shows blocked files and Versions of the Signatures | FCDiagData\general\logs\realtime_scan.log | C:\Program Files\Fortinet\FortiClient\logs\realtime_scan.log | |
| Vulnerability logs | FCDiagData\general\logs\vcm\DATE TIME\ | C:\Program Files\Fortinet\FortiClient\logs\vcm\DATE TIME\ | Check summary.json and then check the SIG.json files for details https://www.c3it.net/vulnerability-scan-show-filepath-of-a-vulnerable-file/ |
| VPN Log | FCDiagData\general\logs\trace\FortiVPN_1.log | C:\Program Files\Fortinet\FortiClient\logs\trace\FortiVPN_1.log | Parameters which had been used to connect (like address, machine mode….) |
| msinfo32 + Errorreporting | FCDiagData\general\SystemInfo.txt | Systeminformation + Windows Errorreporting only in the diag log | |
If you should need further assistance with Fortinet products don’t hesitate to contact us –> office@c3it.net
