Fortinet black logo

CLI Reference

Home FortiADC 7.4.3 CLI Reference

diagnose debug module fnginx

7.4.3
7.4.3
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.1.4
7.1.3
7.1.2
7.1.1
7.1.0
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.6
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1.0
6.0.2
6.0.1
6.0.0
5.4.5
5.4.3
5.4.2
5.4.1
5.4.0
5.3.0
4.8.1
4.7.0
Copy Link
Copy Doc ID 27963d70-f14d-11ee-8c42-fa163e15d75b:114820
Download PDF

diagnose debug module fnginx

Use this command to view load balancing debug information for the following modules:

fnginx modules

fnginx_new modules
  • MySQL
  • Diameter
  • RTSP
  • RTMP
  • SMTP
  • FTP
  • MSSQL
  • RADIUS
  • ISO8583

Debug filtering is supported for fnginx_new modules. For details, see Fnginx debug filter.

The diagnose debug module fnginx and set-filter commands can be executed on the root and non-root VDOMs. However, debug logs cannot be isolated from VDOMs.

Syntax

diagnose debug module fnginx {show|all|conf|ssl_ae_info|stat|rtsp|mysql|smtp|rtmp|diameter|ftp|radius|iso8583|mssql|av|scripting}

show

 Show the fnginx debug status.

all

 View the debug information for all fnginx modules.

conf

 View the debug information for the configuration.

ssl_ae_info

 View the debug information for the SSL Authenticated Encryption (AE) cryptography.

stat

 View the statistic debug information.

rtsp

 View the RTSP load balancing debug information.

mysql

View the MySQL load balancing debug information.

smtp

View the SMTP load balancing debug information.

rtmp

View the RTMP load balancing debug information.

diameter

View the Diameter load balancing debug information.

ftp

View the FTP load balancing debug information.

radius

View the RADIUS load balancing debug information.

iso8583

View the ISO8583 load balancing debug information.

mssql

View the MSSQL load balancing debug information.

av

 View the Antivirus debug information.

scripting

View the stream scripting debug information.

Example

FortiADC-VM # diagnose debug module fnginx mysql set
profile type is mysql.
addr type 1.
make pool member conf, ip addr 20.6.2.1, port 80.
make pool member conf, ip addr 20.6.2.2, port 80.
make pool member conf, ip addr 20.6.2.3, port 80.
add vdom rlimit, vdom id: 1, ip: 1.1.1.1, port: 80, ssl: 0
test temp config success
dump configure data:
adc {
upstream mysql {
server 20.6.2.1:80 weight=1 up group_id=0 rs_name=pool1-1 id=3200;
server 20.6.2.2:80 weight=1 up group_id=0 rs_name=pool1-2 id=3201;
server 20.6.2.3:80 weight=1 up group_id=0 rs_name=pool1-3 id=3202;
mysql;
}
server mysql {
listen 1.1.1.1:80;
proxy_pass mysql;
fngx_log off;
persistence none;
source_address off;
mysql;
proxy_mode transaction;
mysql_mode 0;
}
}

Fnginx debug filter

You can set filters to specify the type of information to view to more easily troubleshoot and locate bugs. The set-filter/unset-filter options are currently only supported for fnginx_new modules. Both IPv4 and IPv6 are supported.

Any updates and changes to the debug filter will only take effect on new traffic flow. If the current connection is established, the following flow information will still be printed even if the filter does not match.

You can use the following keywords and operators to specify the debug filter:

Supported filter

Guideline
Keywords
  • vsname — Virtual Server name
  • rsname — Real Server name
  • srcip — Source IP
  • dstip — Destination IP
  • srcport — Source port
  • dstport — Destination port

Maximum length of a vsname/rsname is 63 characters.
Conditional operator =, !=, in
Logical operator

&, |, ()

Maximum total number of logical operators and brackets is 32.

The maximum length of a filter expression is 1023 characters.

To better focus the debug log to only print the specified debug information, it is recommended to first enable debug for the specific fnginx module and set the debug filter, and then enable the debug output.

For example:

FADC # diagnose debug module fnginx smtp

FADC # diagnose debug module fnginx set-filter "(srcip in 10.65.1.0/24) & vsname=vs-smtp-25“

FADC # diagnose debug enable

Syntax

diagnose debug module fnginx {set-filter|unset-filter|show-filter}

set-filter

Set the debug filter for fnginx modules.

Set-filter only supports fnginx_new modules: SMTP, FTP, MSSQL, RADIUS, and ISO8583.

unset-filter

 Unset the debug filter for fnginx modules.

show-filter

 Show the debug filter for fnginx modules.

Example

diagnose debug module fnginx set-filter "srcip=10.65.1.62 & vsname=vs-smtp-25"
diagnose debug module fnginx set-filter "(srcip in 10.65.1.0/24) & vsname=vs-smtp-25"
diagnose debug module fnginx set-filter "(srcip=10.65.1.62 | srcip=2001:1234::a41:3e) & (vsname=vs-smtp-25 | vsname=vs-smtp-IPv6) “
diagnose debug module fnginx set-filter "((srcip in 10.65.1.0/24) & vsname=vs-smtp-25) | (srcip=10.65.1.62 & vsname=vs-radius)"
diagnose debug module fnginx set-filter "srcip=10.65.1.62 & srcport=20001 & vsname=vs-smtp-25 & rsname=rs66 & dstport=25"
Previous
Next

diagnose debug module fnginx

Use this command to view load balancing debug information for the following modules:

fnginx modules

fnginx_new modules
  • MySQL
  • Diameter
  • RTSP
  • RTMP
  • SMTP
  • FTP
  • MSSQL
  • RADIUS
  • ISO8583

Debug filtering is supported for fnginx_new modules. For details, see Fnginx debug filter.

The diagnose debug module fnginx and set-filter commands can be executed on the root and non-root VDOMs. However, debug logs cannot be isolated from VDOMs.

Syntax

diagnose debug module fnginx {show|all|conf|ssl_ae_info|stat|rtsp|mysql|smtp|rtmp|diameter|ftp|radius|iso8583|mssql|av|scripting}

show

 Show the fnginx debug status.

all

 View the debug information for all fnginx modules.

conf

 View the debug information for the configuration.

ssl_ae_info

 View the debug information for the SSL Authenticated Encryption (AE) cryptography.

stat

 View the statistic debug information.

rtsp

 View the RTSP load balancing debug information.

mysql

View the MySQL load balancing debug information.

smtp

View the SMTP load balancing debug information.

rtmp

View the RTMP load balancing debug information.

diameter

View the Diameter load balancing debug information.

ftp

View the FTP load balancing debug information.

radius

View the RADIUS load balancing debug information.

iso8583

View the ISO8583 load balancing debug information.

mssql

View the MSSQL load balancing debug information.

av

 View the Antivirus debug information.

scripting

View the stream scripting debug information.

Example

FortiADC-VM # diagnose debug module fnginx mysql set
profile type is mysql.
addr type 1.
make pool member conf, ip addr 20.6.2.1, port 80.
make pool member conf, ip addr 20.6.2.2, port 80.
make pool member conf, ip addr 20.6.2.3, port 80.
add vdom rlimit, vdom id: 1, ip: 1.1.1.1, port: 80, ssl: 0
test temp config success
dump configure data:
adc {
upstream mysql {
server 20.6.2.1:80 weight=1 up group_id=0 rs_name=pool1-1 id=3200;
server 20.6.2.2:80 weight=1 up group_id=0 rs_name=pool1-2 id=3201;
server 20.6.2.3:80 weight=1 up group_id=0 rs_name=pool1-3 id=3202;
mysql;
}
server mysql {
listen 1.1.1.1:80;
proxy_pass mysql;
fngx_log off;
persistence none;
source_address off;
mysql;
proxy_mode transaction;
mysql_mode 0;
}
}

Fnginx debug filter

You can set filters to specify the type of information to view to more easily troubleshoot and locate bugs. The set-filter/unset-filter options are currently only supported for fnginx_new modules. Both IPv4 and IPv6 are supported.

Any updates and changes to the debug filter will only take effect on new traffic flow. If the current connection is established, the following flow information will still be printed even if the filter does not match.

You can use the following keywords and operators to specify the debug filter:

Supported filter

Guideline
Keywords
  • vsname — Virtual Server name
  • rsname — Real Server name
  • srcip — Source IP
  • dstip — Destination IP
  • srcport — Source port
  • dstport — Destination port

Maximum length of a vsname/rsname is 63 characters.
Conditional operator =, !=, in
Logical operator

&, |, ()

Maximum total number of logical operators and brackets is 32.

The maximum length of a filter expression is 1023 characters.

To better focus the debug log to only print the specified debug information, it is recommended to first enable debug for the specific fnginx module and set the debug filter, and then enable the debug output.

For example:

FADC # diagnose debug module fnginx smtp

FADC # diagnose debug module fnginx set-filter "(srcip in 10.65.1.0/24) & vsname=vs-smtp-25“

FADC # diagnose debug enable

Syntax

diagnose debug module fnginx {set-filter|unset-filter|show-filter}

set-filter

Set the debug filter for fnginx modules.

Set-filter only supports fnginx_new modules: SMTP, FTP, MSSQL, RADIUS, and ISO8583.

unset-filter

 Unset the debug filter for fnginx modules.

show-filter

 Show the debug filter for fnginx modules.

Example

diagnose debug module fnginx set-filter "srcip=10.65.1.62 & vsname=vs-smtp-25"
diagnose debug module fnginx set-filter "(srcip in 10.65.1.0/24) & vsname=vs-smtp-25"
diagnose debug module fnginx set-filter "(srcip=10.65.1.62 | srcip=2001:1234::a41:3e) & (vsname=vs-smtp-25 | vsname=vs-smtp-IPv6) “
diagnose debug module fnginx set-filter "((srcip in 10.65.1.0/24) & vsname=vs-smtp-25) | (srcip=10.65.1.62 & vsname=vs-radius)"
diagnose debug module fnginx set-filter "srcip=10.65.1.62 & srcport=20001 & vsname=vs-smtp-25 & rsname=rs66 & dstport=25"
Previous
Next