
CLI Reference

test

Use the following commands to test the FortiAnalyzer.

test application

Use this command to test application daemons. Enter an unassigned integer value to see the available options for each command.

Syntax

diagnose test application apiproxyd <integer> <integer> ... <integer>

diagnose test application archd <integer> <integer> ... <integer>

diagnose test application clusterd <integer> <integer> ... <integer>

diagnose test application execmd <integer> <integer> ... <integer>

diagnose test application fabricsyncd <integer> <integer> ... <integer>

diagnose test application fazcfgd <integer> <integer> ... <integer>

diagnose test application fazmaild <integer> <integer> ... <integer>

diagnose test application faznotify <integer> <integer> ... <integer>

diagnose test application fazsvcd <integer> <integer> ... <integer>

diagnose test application fazwatchd <integer> <integer> ... <integer>

diagnose test application filefwd <integer> <integer> ... <integer>

diagnose test application fileparsed <integer> <integer> ... <integer>

diagnose test application fortilogd <integer> <integer> ... <integer>

diagnose test application logfiled <integer> <integer> ... <integer>

diagnose test application logfwd <integer> <integer> ... <integer>

diagnose test application log-fetchd <integer> <integer> ... <integer>

diagnose test application miglogd <integer> <integer> ... <integer>

diagnose test application oftpd <integer> <integer> ... <integer>

diagnose test application rptchkd <integer> <integer> ... <integer>

diagnose test application scansched <integer> <integer> ... <integer>

diagnose test application siemagentd <integer> <integer> ... <integer>

diagnose test application siemdbd <integer> <integer> ... <integer>

diagnose test application snmpd <integer> <integer> ... <integer>

diagnose test application sqllogd <integer> <integer> ... <integer>

diagnose test application sqlplugind <integer> <integer> ... <integer>

diagnose test application sqlreportd <integer> <integer> ... <integer>

diagnose test application sqlrptcached <integer> <integer> ... <integer>

diagnose test application syncsched <integer> <integer> ... <integer>

diagnose test application uploadd <integer> <integer> ... <integer>

Variable

Description

apiproxyd <integer> ...

API proxy daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 20: fsa tracer log request
  • 21: fsa tracer log request
  • 99: restart daemon

archd <integer> ...

Archd daemon test usage:

  • 1: usage
  • 2: display content subdir info file
  • 3: force scan to archive ips files
  • 4: force preen content files
  • 99: restart daemon

clusterd <integer> ...

Clusterd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: Thread pool status
  • 3: Log Cluster core
  • 4: Devices cache module
  • 5: Logging Topology module
  • 6: Avatar uploading module
  • 7: Meta-CSF uploading module
  • 8: Meta-InterfaceRole module
  • 9: Tunnel module
  • 10: oftpd file fwd module
  • 11: Service module
  • 97: HA module
  • 98: Monitor status
  • 99: Restart clusterd
  • 100: Restart clusterd and clusterd-monitor
  • 102: Various tests
  • 103: generate core dump (on or off) when cluster.monitor kills cluster.main

execmd <integer> ...

Execmd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show statistics of cmd tool
  • 5: reset statistics of cmd tool
  • 99: restart daemon

fabricsyncd <integer> ...

Fabricsyncd daemon test usage.

fazcfgd <integer> ...

Fazcfg daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics
  • 3: show merged ca info
  • 40: DVM cache diag info
  • 41: CSF diag info
  • 42: IntfRole diag info
  • 43: reload csf info in devtable
  • 44: show log device group stats
  • 45: check log device group
  • 46: metadata table diag info [sub-module]
  • 48: test update link prefixes file
  • 49: test update webfilter categories description file
  • 50: test get app icon
  • 51: test update app logo files
  • 52: dvm call stats
  • 53: dvm call stats clear
  • 54: check ips/app meta-data update
  • 55: log disk readahead get
  • 56: log disk readahead toggle
  • 57: fix redis service
  • 58: check redis service
  • 59: test update faz license
  • 60: test fortigate restful api
  • 65: log aggregation server stats
  • 66: log aggregation server stats toggle (debug only)
  • 67: test redis security connect [port] [key] [value]
  • 82: list avatar meta-data
  • 83: rebuild avatar meta-data table
  • 84: rebuild ips meta-data table
  • 85: rebuild app meta-data table
  • 86: rebuild FortiClient Vulnerability meta-data table
  • 88: update ffdb meta-data
  • 90: use built-in TIDB package and disable updating it
  • 91: enable updating TIDB package
  • 92: disable updating TIDB package
  • 93: switch on/off adom default report schedule
  • 94: switch on/off report schedule by name
  • 97: set 'force_restore_data' flag for clickhouse start
  • 99: restart daemon

fazmaild <integer> ...

Fazmaild daemon test usage:

  • 1: show PID and daemon status
  • 2: show runtime status
  • 90: pause sending mail
  • 91: resume sending mail
  • 99: restart fazmaild daemon

faznotify <integer> ...

Faznotify daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show faznotify statistics [clear]
  • 10: send a faznotify <adom> <id> <send-data>
  • 20: show active channel
  • 29: delete active channel <adom> <id>
  • 30: pause active channel <seconds>
  • 99: restart

fazsvcd <integer> ...

Fazsvcd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats and status
  • 3: list async search threads
  • 4: dump async search slot info
  • 5: show cache builder stats
  • 6: dump cache builder playlist
  • 7: dump log search filters
  • 10: show database log stats aggregated per day
  • 11: show received log stats aggregated per day
  • 20: show avatar request stats
  • 50: enable or disable cache builder
  • 51: enable or disable auto custom index
  • 57: Fazbroker stats
  • 58: reset Fazbroker stats
  • 60: rawlog idx cache test
  • 61: logbrowse cache stats
  • 62: FortiView Session Stats
  • 70: show stats for device vdom cache
  • 71: show stats for remote fortiview and reports
  • 72: show filterable and sortable fields for fortiview. <v3.0 view name>
  • 75: data masking test: <passwd> <plaint test> <1|0 (high secure)> [do_unmasking]
  • 76: fazsvcd fabric service diagnostics
  • 99: restart daemon
  • 100: log FAZ debugs
  • 101: Close FAZ debug log
  • 200: gui api test
  • 201: diag for jsonrpc ..

fazwatchd <integer> ...

Fazwatchd daemon test usage:

  • 1: show process summary and report stats
  • 2: show playbook stats
  • 4: show nac asset stats
  • 5: show playbook task log
  • 6: show ha command execution stats
  • 7: show casb metadata stats
  • 8: show ems metadata stats
  • 9: show pgsvr.log monitor stats
  • 99: restart daemon

filefwd <integer> ...

Filefwd daemon test usage:

  • 1: show daemon PID
  • 2: show daemon stats
  • 3: show threads stats
  • 99: restart daemon

fileparsed <integer> ...

Fileparsed daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show devtable local cache status
  • 4: reload devtable local cache.
  • 11: show FortiGate interface cache status
  • 12: show FortiGate interface parsers status
  • 13: show FortiGate interface archived files disk usage
  • 14: show FortiGate interface archived files retention days
  • 15: show FortiGate interface info
  • 16: show total number of interfaces trimmed from database
  • 17: show FortiGate policy files process status
  • 18: show total number of policy records in database
  • 98: rebuild FortiGate interface SQL tables
  • 99: restart daemon

fortilogd <integer> ...

Fortilogd Diag test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: dump message status
  • 3: logstat status
  • 4: client devices status
  • 5: print log received
  • 6: switch on/off debug messages
  • 7: log forwarding prep status
  • 8: show logUID info
  • 9: device log cache reloading status
  • 10: dz_client cache status
  • 11: file stats
  • 12: stop/restart receiving logs
  • 14: show cached adom lograte status
  • 15: show cached adom log volume status
  • 16: show appevent logs receiving info
  • 17: show logging rate of the system and per-device
  • 90: show or set fortilogd working status
  • 95: show runtime logs. option format: pid=0:current,-1:all,PID duration=DURA filter=STR
  • 98: memory check
  • 99: restart fortilogd

logfiled <integer> ...

Logfile daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 4: show ADOM statistics
  • 5: show device statistics
  • 6: show auto-del statistics
  • 7: show log file disk usage
  • 8: update log file disk usage
  • 9: show inode usage
  • 10: enable or disable debug filter of device and vdom
  • 11: du cache diag commands
  • 12: force to check the oldest log litime when trim log files.
  • 90: reset statistics and state
  • 91: force to preen content files info
  • 99: restart daemon

logfwd <integer> ...

Logfwd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ..)
  • 2: Dump thread-pool status
  • 3: Dump log-forward configurations
  • 4: Dump log-forwarding status
  • 5: Overall and converter stats
  • 6: Dump HA CID info
  • 7: show runtime logs. option format: pid=0:current,-1:all,PID duration=DURA filter=STR
  • 8: show cfile list status [all: for all cfiles]
  • 9: show max duration of loss in memory mode, 120 seconds default, 0 to disable memory mode
  • 10: Force logfwd to run in disk mode [1:enable, 0:disable]
  • 97: memory check
  • 98: Reset log-forwarding stats
  • 99: Restart logfwd

log-fetchd <integer> ...

Log-fetch daemon test usage:

  • 1: show PID
  • 2: show states
  • 3: show running sessions
  • 99: restart the daemon

miglogd <integer> ...

Miglogd daemon test usage:

  • 1: show PID
  • 2: dump memory pool
  • 99: restart daemon

oftpd <integer> ...

Oftpd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show connected device name and IP
  • 4: show detailed session state
  • 5: show oftp request statistics
  • 6: show cmdb device cache
  • 7: show logfwd thread stats
  • 8: show tasklist statistics
  • 9: show unreg dev cache
  • 10: log cluster bridge stats
  • 12: show HA group cache
  • 13: show file fwd stats
  • 14: show fct software inventory cache
  • 15: show fgt interface stats
  • 16: show fos-auto device dump. [dev] to dump device list
  • 17: show device logging rate & rate-limit. [enable] to force tracking log-rate or [disable] to track only rate-limited devices. [config] to show config
  • 18: show fgt policy info, [dev] to dump device list
  • 21: dump oftp-restapi-sched stats
  • 22: dump oftp-restapi-sched status
  • 23: dump oftp csf member status
  • 30: dump csf groups data in all adoms in json string
  • 31: show csf groups update stats
  • 32: reschedule all restapi task for designated devid
  • 40: test loading a CA cert from local path
  • 50: display logtypes for all devid
  • 60: display login requests stats
  • 80: set region
  • 90: reload un-reg device tree
  • 91: delete designated csf group
  • 92: reload reg dev cache
  • 95: debug output
  • 99: restart daemon

rptchkd <integer> ...

Sqlrptcache daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: list adoms
  • 6: list schedules
  • 55: re-check an adom
  • 99: restart daemon
  • 910: enable rptchkd
  • 911: disable rptchkd

scansched <integer> ...

Scansched daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 11: show ioc-rescan task status
  • 99: restart daemon

siemagentd <integer> ...

Siemagentd daemon test usage:

  • 1: show PID
  • 2: show daemon statistics
  • 3: show daemon worker statistics
  • 4: show daemon worker status stats
  • 5: show supported device-log types
  • 11: worker process run
  • 12: worker process suspend
  • 13: worker process exit
  • 20: show the siem stream storage info
  • 21: show the latest siem stream submitted in redis
  • 99: restart daemon
  • 200: diag for log based alert (event mgmt)
  • 205: diag for endpoint and enduser

siemdbd <integer> ...

Siemdbd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: show running processes
  • 4: show writers info
  • 5: show splitter info
  • 6: show Adom database info
  • 7: show trimmer info
  • 8: show the shared Materialized View disk usage info
  • 9: set/reset max memory usage ratio
  • 10: add or drop skip indices on SIEM table
  • 41: show writer 1 info
  • 42: show writer 2 info
  • 43: show writer 3 info
  • 97: clear redis stream
  • 99: restart daemon

snmpd <integer> ...

SNMP daemon test usage:

  • 1: display daemon pid
  • 2: display snmp statistics
  • 3: clear snmp statistics
  • 4: generate test trap (cpu high)
  • 5: generate test traps (log alert, rate, data rate)
  • 6: generate test traps (licensed gb/day, device quota)
  • 99: restart daemon

sqllogd <integer> ...

SqlLog daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: show worker init state
  • 4: show worker thread info
  • 5: show log device scan info, optionally filter by <devid>
  • 7: show ADOM device list by <adom-name>
  • 8: show logUID info
  • 9: show ADOM scan sync info, optionally filter by <adom>
  • 10: show FortiClient dev to sql-ID (sID) map
  • 11: show devtable cache info
  • 12: show intfrole cache info
  • 41: show worker 1 info
  • 51: show worker 1 registered log devices
  • 61: show worker 1 open log file cache
  • 70: show sql database building progress
  • 71: show the progress of upgrading log files into per-vdom storage
  • 72: run the upgrading log files into per-vdom storage
  • 80: show daemon status flags
  • 81: show debug zone devices status
  • 82: show all adoms with member devices or filter by <adom-name>
  • 83: show all registered logdevs
  • 84: show all unreg logdevs
  • 85: show fazid map stats
  • 91: diag worker devvd loadbalance
  • 95: request to rebuild SQL database for local event logs
  • 96: resend all pending batch files to sqlplugind
  • 97: rebuilding warm restart
  • 98: set worker assignment to policy 'round-robin' or 'adom-affinity', daemon will restart on policy change.
  • 99: restart daemon
  • 200: diag for log based alert (event mgmt) ..
  • 201: diag for utmref cache ..
  • 202: diag for fgt-fct correlation ..
  • 203: diag for logstat ..
  • 204: diag for IoC ..
  • 205: diag for endpoint and enduser ..
  • 206: diag for ueba ..
  • 207: diag for FSA scan session ..
  • 208: diag for audit report event process ..
  • 209: diag for shadow it info ..
  • 221: estimated browsing time stats
  • 222: fsa devmap cache info
  • 224: fgt lograte cache info
  • 225: dump enum field error cache
  • 226: reset enum field error cache
  • 227: dump tz field error cache
  • 228: reset tz field error cache

sqlplugind <integer> ...

Sqlplugind daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats
  • 3: show SIEM table stats
  • 4: show table compressor stats
  • 5: show table compressor Adom stats
  • 6: show table slow upgrade info
  • 91: scan hcache query templates and clean up unused
  • 98: scan and clean zombie cstore files
  • 99: restart daemon

sqlreportd <integer> ...

Sqlreportd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats
  • 3: show restorable table schema
  • 4: show restorable table status
  • 99: restart daemon

sqlrptcached <integer> ...

Sqlrptcache daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: reset statistics and state
  • 5: dump auto-cache charts
  • 99: restart daemon

syncsched <integer> ...

Syncsched daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show report nodes states
  • 3: show report syncing state
  • 4: show ha sync peers
  • 5: reset ha sync queue
  • 6: show ha elog sync
  • 10: sync reports with peer
  • 11: fsync stat
  • 12: fsync reload
  • 13: trim sync dir stat
  • 99: restart daemon

uploadd <integer> ...

Uploadd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show uploadd queues content
  • 5: show upload server state
  • 50: clear log queue [mirror server1]
  • 51: clear log queue [mirror server2]
  • 52: clear log queue [mirror server3]
  • 53: clear log queue [backup]
  • 54: clear log queue [original request]
  • 55: clear log queues [all]
  • 56: clear report queue
  • 60: cloud storage bget backlog info
  • 61: cloud storage get setting pending info <setting name>
  • 62: cloud storage test connector <connector> <remote path>
  • 63: cloud storage get usage info
  • 99: restart daemon

test connection

Test the connection to the mail server and syslog server.

Syntax

diagnose test connection fortianalyzer <ip>

diagnose test connection mailserver <server-name> <mail-from> <mail-to>

diagnose test connection syslogserver <server-name>

Variable

Description

fortianalyzer <ip>

Test the connection to the FortiAnalyzer.

mailserver <server-name> <mail-from> <mail-to>

Test the connection to the mail server.

syslogserver <server-name>

Test the connection to the syslog server.

test policy-check

Check policy consistency.

Syntax

diagnose test policy-check flush

diagnose test policy-check list

Variable

Description

flush

Flush all policy check sessions.

list

List all policy check sessions.

test search

Test the search daemon.

Syntax

diagnose test search flush

diagnose test search list

Variable

Description

flush

Flush all search sessions.

list

List all search sessions.

test sftp

Use this command to test the secure file transfer protocol (SFTP) scheduled backup.

Syntax

diagnose test sftp auth <sftp server> <username> <password> <directory>

Variable

Description

<sftp server>

SFTP server IP address.

<username>

SFTP server username.

<password>

SFTP server password.

<directory>

The directory on the SFTP server where you want to put the file (default = /).

test

test

Use the following commands to test the FortiAnalyzer.

test application

Use this command to test application daemons. Enter an unassigned integer value to see the available options for each command.

Syntax

diagnose test application apiproxyd <integer> <integer> ... <integer>

diagnose test application archd <integer> <integer> ... <integer>

diagnose test application clusterd <integer> <integer> ... <integer>

diagnose test application execmd <integer> <integer> ... <integer>

diagnose test application fabricsyncd <integer> <integer> ... <integer>

diagnose test application fazcfgd <integer> <integer> ... <integer>

diagnose test application fazmaild <integer> <integer> ... <integer>

diagnose test application faznotify <integer> <integer> ... <integer>

diagnose test application fazsvcd <integer> <integer> ... <integer>

diagnose test application fazwatchd <integer> <integer> ... <integer>

diagnose test application filefwd <integer> <integer> ... <integer>

diagnose test application fileparsed <integer> <integer> ... <integer>

diagnose test application fortilogd <integer> <integer> ... <integer>

diagnose test application logfiled <integer> <integer> ... <integer>

diagnose test application logfwd <integer> <integer> ... <integer>

diagnose test application log-fetchd <integer> <integer> ... <integer>

diagnose test application miglogd <integer> <integer> ... <integer>

diagnose test application oftpd <integer> <integer> ... <integer>

diagnose test application rptchkd <integer> <integer> ... <integer>

diagnose test application scansched <integer> <integer> ... <integer>

diagnose test application siemagentd <integer> <integer> ... <integer>

diagnose test application siemdbd <integer> <integer> ... <integer>

diagnose test application snmpd <integer> <integer> ... <integer>

diagnose test application sqllogd <integer> <integer> ... <integer>

diagnose test application sqlplugind <integer> <integer> ... <integer>

diagnose test application sqlreportd <integer> <integer> ... <integer>

diagnose test application sqlrptcached <integer> <integer> ... <integer>

diagnose test application syncsched <integer> <integer> ... <integer>

diagnose test application uploadd <integer> <integer> ... <integer>

Variable

Description

apiproxyd <integer> ...

API proxy daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 20: fsa tracer log request
  • 21: fsa tracer log request
  • 99: restart daemon

archd <integer> ...

Archd daemon test usage:

  • 1: usage
  • 2: display content subdir info file
  • 3: force scan to archive ips files
  • 4: force preen content files
  • 99: restart daemon

clusterd <integer> ...

Clusterd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: Thread pool status
  • 3: Log Cluster core
  • 4: Devices cache module
  • 5: Logging Topology module
  • 6: Avatar uploading module
  • 7: Meta-CSF uploading module
  • 8: Meta-InterfaceRole module
  • 9: Tunnel module
  • 10: oftpd file fwd module
  • 11: Service module
  • 97: HA module
  • 98: Monitor status
  • 99: Restart clusterd
  • 100: Restart clusterd and clusterd-monitor
  • 102: Various tests
  • 103: generate core dump (on or off) when cluster.monitor kills cluster.main

execmd <integer> ...

Execmd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show statistics of cmd tool
  • 5: reset statistics of cmd tool
  • 99: restart daemon

fabricsyncd <integer> ...

Fabricsyncd daemon test usage.

fazcfgd <integer> ...

Fazcfg daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics
  • 3: show merged ca info
  • 40: DVM cache diag info

  • 41: CSF diag info

  • 42: IntfRole diag info

  • 43: reload csf info in devtable

  • 44: show log device group stats

  • 45: check log device group

  • 46: metadata table diag info [sub-module]

  • 48: test update link prefixes file

  • 49: test update webfilter categories description file

  • 50: test get app icon
  • 51: test update app logo files
  • 52: dvm call stats
  • 53: dvm call stats clear
  • 54: check ips/app meta-data update
  • 55: log disk readahead get
  • 56: log disk readahead toggle
  • 57: fix redis service
  • 58: check redis service
  • 59: test update faz license
  • 60: test fortigate restful api

  • 65: log aggregation server stats

  • 66:log aggregation server stats toggle (debug only)

  • 67: test redis security connect [port] [key] [value]

  • 82: list avatar meta-data

  • 83: rebuild avatar meta-data table

  • 84: rebuild ips meta-data table
  • 85: rebuild app meta-data table
  • 86: rebuild FortiClient Vulneribility meta-data table
  • 88: update ffdb meta-data

  • 90: use built-in TIDB package and disable updating it

  • 91: enable updating TIDB package

  • 92: disable updating TIDB package

  • 93: switch on/off adom default report schedule

  • 94: switch on/off report schedule by name

  • 97: set 'force_restore_data' flag for clickhouse start

  • 99: restart daemon

fazmaild <integer> ...

Fazmaild daemon test usage:

  • 1: show PID and daemon status
  • 2: show runtime status
  • 90: pause sending mail
  • 91: resume sending mail
  • 99: restart fazmaild daemon

faznotify <integer> ...

Faznotify daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show faznotify statistics [clear]
  • 10: send a faznotify <adom> <id> <send-data>
  • 20: show active channel
  • 29: delete active channel <adom> <id>
  • 30: pause active channel <seconds>
  • 99: restart

fazsvcd <integer> ...

Fazsvcd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats and status
  • 3: list async search threads
  • 4: dump async search slot info
  • 5: show cache builder stats
  • 6: dump cache builder playlist
  • 7: dump log search filters
  • 10: show database log stats aggregated per day
  • 11: show received log stats aggregated per day
  • 20: show avatar request stats
  • 50: enable or disable cache builder
  • 51: enable or disable auto custom index
  • 57: Fazbroker stats
  • 58: reset Fazbroker stats
  • 60: rawlog idx cache test
  • 61: logbrowse cache stats
  • 62: FortiView Session Stats
  • 70: show stats for device vdom cache
  • 71: show stats for remote fortiview and reports
  • 72: show filterable and sortable fields for fortiview. <v3.0 view name>
  • 75: data masking test: <passwd> <plaint test> <1|0 (high secure)> [do_unmasking]
  • 76: fazsvcd fabric service diagnostics
  • 99: restart daemon
  • 100: log FAZ debugs
  • 101: Close FAZ debug log
  • 200: gui api test
  • 201: diag for jsonrpc ..

fazwatchd <integer> ...

Fazwatchd daemon test usage:

  • 1: show process summary and report stats
  • 2: show playbook stats
  • 4: show nac asset stats
  • 5: show playbook task log
  • 6: show ha command execution stats
  • 7: show casb metadata stats
  • 8: show ems metadata stats
  • 9: show pgsvr.log monitor stats
  • 99: restart daemon

filefwd <integer> ...

Filefwd daemon test usage:

  • 1: show daemon PID
  • 2: show daemon stats
  • 3: show threads stats
  • 99: restart daemon

fileparsed <integer> ...

Fileparsed daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show devtable local cache status
  • 4: reload devtable local cache.
  • 11: show FortiGate interface cache status
  • 12: show FortiGate interface parsers status
  • 13: show FortiGate interface archived files disk usage
  • 14: show FortiGate interface archived files retention days
  • 15: show FortiGate interface info
  • 16: show total number of interfaces trimmed from database
  • 17: show FortiGate policy files process status
  • 18: show total number of policy records in database
  • 98: rebuild FortiGate interface SQL tables
  • 99: restart daemon

fortilogd <integer> ...

Fortilogd Diag test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: dump message status
  • 3: logstat status
  • 4: client devices status
  • 5: print log received
  • 6: switch on/off debug messages
  • 7: log forwarding prep status
  • 8: show logUID info
  • 9: device log cache reloading status
  • 10: dz_client cache status
  • 11: file stats
  • 12: stop/restart receiving logs

  • 14: show cached adom lograte status

  • 15: show cached adom log volume status

  • 16: show appevent logs receiving info

  • 17: show logging rate of the system and per-device

  • 90: show or set fortilogd working status

  • 95: show runtime logs. option format: pid=0:current,-1:all,PID duration=DURA filter=STR

  • 98: memory check

  • 99: restart fortilogd

logfiled <integer> ...

Logfile daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 4: show ADOM statistics
  • 5: show device statistics
  • 6: show auto-del statistics
  • 7: show log file disk usage
  • 8: update log file disk usage
  • 9: show inode usage
  • 10: enable or disable debug filterof device and vdom
  • 11: du cache diag commands
  • 12: force to checkthe oldest log litime when trim log files.
  • 90: reset statistics and state
  • 91: force to preen content files info
  • 99: restart daemon

logfwd <integer> ...

Logfwd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ..)
  • 2: Dump thread-pool status
  • 3: Dump log-forward configurations
  • 4: Dump log-forwarding status
  • 5: Overall and converter stats
  • 6: Dump HA CID info
  • 7: show runtime logs. option format: pid=0:current,-1:all,PID duration=DURA filter=STR
  • 8: show cfile list status [all: for all cfiles]
  • 9: show max durationof loss in memory mode, 120 seconds default, 0 to disable memory mode
  • 10: Force logfwd to run in disk mode [1:enable, 0:disable]
  • 97: memory check
  • 98: Reset log-forwarding stats
  • 99: Restart logfwd

log-fetchd <integer> ...

Log-fetch daemon test usage:

  • 1: show PID
  • 2: show states
  • 3: show running sessions
  • 99: restart the daemon

miglogd <integer> ...

Miglogd daemon test usage:

  • 1: show PID
  • 2: dump memory pool
  • 99: restart daemon

oftpd <integer> ...

Oftpd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show connected device name and IP
  • 4: show detailed session state
  • 5: show oftp request statistics
  • 6: show cmdb device cache
  • 7: show logfwd thread stats
  • 8: show tasklist statistics
  • 9: show unreg dev cache
  • 10: log cluster bridge stats
  • 12: show HA group cache
  • 13: show file fwd stats
  • 14: show fct software inventory cache
  • 15: show fgt interface stats
  • 16: show fos-auto device dump. [dev] to dump device list
  • 17: show device logging rate & rate-limit. [enable] to force tracking log-rate or [disable] to track only rate-limited devices. [config] to show config
  • 18: show fgt policy info, [dev] to dump device list
  • 21: dump oftp-restapi-sched stats
  • 22: dump oftp-restapi-sched status
  • 23: dump oftp csf member status
  • 30: dump csf groups data in all adoms in json string
  • 31: show csf groups update stats
  • 32: reschedule all restapi task for designated devid
  • 40: test loading a CA cert from local path
  • 50: display logtypes for all devid
  • 60: display login requests stats
  • 80: set region
  • 90: reload un-reg device tree
  • 91: delete designated csf group
  • 92: reload reg dev cache
  • 95: debug output
  • 99: restart daemon

rptchkd <integer> ...

Sqlrptcache daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: list adoms
  • 6: list schedules
  • 55: re-check an adom
  • 99: restart daemon
  • 910: enable rptchkd
  • 911: disable rptchkd

scansched <integer> ...

Scansched daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 11: show ioc-rescan task status
  • 99: restart daemon

siemagentd <integer> ...

Siemagentd daemon test usage:

  • 1: show PID

  • 2: show daemon statistics

  • 3: show daemon worker statistics

  • 4: show daemon worker status stats

  • 5: show supported device-log types

  • 11: worker process run

  • 12: worker process suspend

  • 13: worker process exit

  • 20: show the siem stream storage info

  • 21: show the latest siem stream submitted in redis

  • 99: restart daemon

  • 200: diag for log based alert (event mgmt)

  • 205: diag for endpoint and enduser

siemdbd <integer> ...

Siemdbd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)

  • 2: show statistics and state

  • 3: show running processes

  • 4: show writers info

  • 5: show splitter info

  • 6: show Adom database info

  • 7: show trimmer info

  • 8: show the shared Materialized View disk usage info

  • 9: set/reset max memory usage ratio

  • 10: add or drop skip indices on SIEM table

  • 41: show writer 1 info

  • 42: show writer 2 info

  • 43: show writer 3 info

  • 97: clear redis stream

  • 99: restart daemon

snmpd <integer> ...

SNMP daemon test usage:

  • 1: display daemon pid
  • 2: display snmp statistics
  • 3: clear snmp statistics
  • 4: generate test trap (cpu high)
  • 5: generate test traps (log alert, rate, data rate)
  • 6: generate test traps (licensed gb/day, device quota)
  • 99: restart daemon

sqllogd <integer> ...

SqlLog daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: show worker init state
  • 4: show worker thread info
  • 5: show log device scan info, optionally filter by <devid>
  • 7: show ADOM device list by <adom-name>
  • 8: show logUID info
  • 9: show ADOM scan sync info, optionally filter by <adom>
  • 10: show FortiClient dev to sql-ID (sID) map
  • 11: show devtable cache info
  • 12: show intfrole cache info
  • 41: show worker 1 info
  • 51: show worker 1 registered log devices
  • 61: show worker 1 open log file cache
  • 70: show sql database building progress
  • 71: show the progress of upgrading log files into per-vdom storage
  • 72: run the upgrading log files into per-vdom storage
  • 80: show daemon status flags
  • 81: show debug zone devices status
  • 82: show all adoms with member devices or filter by <adom-name>
  • 83: show all registered logdevs
  • 84: show all unreg logdevs
  • 85: show fazid map stats
  • 91: diag worker devvd loadbalance
  • 95: request to rebuild SQL database for local event logs
  • 96: resend all pending batch files to sqlplugind
  • 97: rebuilding warm restart
  • 98: set worker assignment to policy 'round-robin' or 'adom-affinity', daemon will restart on policy change.
  • 99: restart daemon
  • 200: diag for log based alert (event mgmt) ..
  • 201: diag for utmref cache ..
  • 202: diag for fgt-fct correlation ..
  • 203: diag for logstat ..
  • 204: diag for IoC ..
  • 205: diag for endpoint and enduser ..
  • 206: diag for ueba ..
  • 207: diag for FSA scan session ..
  • 208: diag for audit report event process ..
  • 209: diag for shadow it info ..
  • 221: estimated browsing time stats
  • 222: fsa devmap cache info
  • 224: fgt lograte cache info
  • 225: dump enum field error cache
  • 226: reset enum field error cache
  • 227: dump tz field error cache
  • 228: reset tz field error cache

sqlplugind <integer> ...

Sqlplugind daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats
  • 3: show SIEM table stats
  • 4: show table compressor stats
  • 5: show table compressor Adom stats
  • 6: show table slow upgrade info
  • 91: scan hcache query templates and clean up unused
  • 98: scan and clean zombie cstore files
  • 99: restart daemon

sqlreportd <integer> ...

Sqlreportd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats
  • 3: show restorable table schema
  • 4: show restorable table status
  • 99: restart daemon

sqlrptcached <integer> ...

Sqlrptcache daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: reset statistics and state
  • 5: dump auto-cache charts
  • 99: restart daemon

syncsched <integer> ...

Syncsched daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show report nodes states
  • 3: show report syncing state
  • 4: show ha sync peers
  • 5: reset ha sync queue
  • 6: show ha elog sync
  • 10: sync reports with peer
  • 11: fsync stat
  • 12: fsync reload
  • 13: trim sync dir stat
  • 99: restart daemon

uploadd <integer> ...

Uploadd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show uploadd queues content
  • 5: show upload server state
  • 50: clear log queue [mirror server1]
  • 51: clear log queue [mirror server2]
  • 52: clear log queue [mirror server3]
  • 53: clear log queue [backup]
  • 54: clear log queue [original request]
  • 55: clear log queues [all]
  • 56: clear report queue
  • 60: cloud storage bget backlog info
  • 61: cloud storage get setting pending info <setting name>
  • 62: cloud storage test connector <connector> <remote path>
  • 63: cloud storage get usage info
  • 99: restart daemon

test connection

Test the connection to the FortiAnalyzer, the mail server, and the syslog server.

Syntax

diagnose test connection fortianalyzer <ip>

diagnose test connection mailserver <server-name> <mail-from> <mail-to>

diagnose test connection syslogserver <server-name>

| Variable | Description |
|---|---|
| fortianalyzer <ip> | Test the connection to the FortiAnalyzer. |
| mailserver <server-name> <mail-from> <mail-to> | Test the connection to the mail server. |
| syslogserver <server-name> | Test the connection to the syslog server. |

test policy-check

Check policy consistency.

Syntax

diagnose test policy-check flush

diagnose test policy-check list

| Variable | Description |
|---|---|
| flush | Flush all policy check sessions. |
| list | List all policy check sessions. |

test search

Test the search daemon.

Syntax

diagnose test search flush

diagnose test search list

| Variable | Description |
|---|---|
| flush | Flush all search sessions. |
| list | List all search sessions. |

test sftp

Use this command to test the secure file transfer protocol (SFTP) scheduled backup.

Syntax

diagnose test sftp auth <sftp server> <username> <password> <directory>

| Variable | Description |
|---|---|
| <sftp server> | SFTP server IP address. |
| <username> | SFTP server username. |
| <password> | SFTP server password. |
| <directory> | The directory on the SFTP server where you want to put the file (default = /). |