Fortinet black logo

CLI Reference

system

system

Use the following commands for system related settings.

system admin-session

Use this command to view and kill log in sessions.

Syntax

diagnose system admin-session kill <sid>

diagnose system admin-session list

diagnose system admin-session status

Variable

Description

kill <sid>

Kill a current session.

  • <sid>: Session ID

list

List log in sessions.

status

Show the current session.

system disk

Use this command to view disk diagnostic information.

Only usage is available on FortiAnalyzer-VM. Other disk related commands are only available on the hardware-based FortiAnalyzer.

Syntax

diagnose system disk attributes

diagnose system disk delete

diagnose system disk disable

diagnose system disk enable

diagnose system disk health

diagnose system disk info

diagnose system disk errors

diagnose system disk usage <parameter> <parameter> <parameter> <parameter> <parameter> <parameter> <parameter> <parameter> <parameter> <parameter>

Variable

Description

attributes

Show vendor specific SMART attributes.

delete

Delete the disk.

disable

Disable SMART support.

enable

Enable SMART support.

health

Show the SMART health status.

info

Show the SMART information.

errors

Show the SMART error logs.

usage <parameter> ... <parameter>

Display the disk usage. Enter a parameter.

Parameter

Description

-a

Show file sizes.

-L

Follow all symlinks.

-H

Follow symlinks on the command line.

-d N

Limit output to directories (and files with -a) of depth < N.

-c

Show the grand total.

-l

Count sizes many times if hard linked.

-s

Display only a total for each argument.

-x

Skip directories on different file systems.

-h

Sizes in human readable format (e.g., 1K 243M 2G).

-m

Sizes in megabytes.

-k

Sizes in kilobytes (default).

system export

Use this command to export logs.

Syntax

diagnose system export crashlog <ftp server> <username> <password> <directory> <filename>

diagnose system export fmwslog {ftp | sftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

diagnose system export raidlog <ftp server> <username> <password> [remote path] [filename]

diagnose system export umlog {ftp | sftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

diagnose system export upgradelog <ftp server> <username> <password> <directory> <filename>

diagnose system export vartmp <ftp server> <username> <password> <directory> <filename>

Variable

Description

crashlog <ftp server> <username> <password> <directory> <filename>

Export the crash log.

fmwslog {ftp | sftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

Export the web service log files.

The type is the log file prefix and can be: SENT, RECV, or TEST.

raidlog <ftp server> <username> <password> [remote path] [filename]

Export the RAID log.

This command is only available on devices that support RAID.

umlog {ftp | sftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

Export the update manager and firmware manager log files.

The type options are: fdslinkd, fctlinkd, fgdlinkd, fgdsvr, update, service, misc, umad, and fwmlinkd

upgradelog <ftp server> <username> <password> <directory> <filename>

Export the upgrade error log.

vartmp <ftp server> <username> <password> <directory> <filename>

Export the system log files in /var/tmp.

system flash

Use this command to diagnose the flash memory.

Syntax

diagnose system flash list

Variable

Description

list

List flash images.

The information displayed includes the image name, version, total size (KB), used (KB), percent used, boot image, and running image.

system fsck

Use this command to check and repair the file system, and to reset the disk mount count.

Syntax

diagnose system fsck harddisk

diagnose system fsck reset-mount-count

Variable

Description

harddisk

Check and repair the file system, then reboot the system.

reset-mount-count

Reset the mount-count of the disk on the next reboot.

system geoip

Use these commands to get geoip information.

FortiAnalyzer uses a MaxMind GeoLite database of mappings between geographic regions and all public IPv4 addresses that are known to originate from them.

Syntax

diagnose system geoip dump

diagnose system geoip info

diagnose system geoip ip <ip>

Variable

Description

dump

Display all geographic IP information.

info

Display a brief geography IP information.

ip <ip>

Find the specified IP address' country.

Example

Find the country of the IP address 4.3.2.1:

FAZVM64 # diagnose system geoip ip 4.3.2.1

4.3.2.1 : US - United States

system geoip-city

Use these commands to get geographic IP information at a city level.

Syntax

diagnose system geoip-city info

diagnose system geoip-city ip <ip>

Variable

Description

info

Display geographic IP information.

ip <ip>

Find the specified IP address' city.

system interface

Use this command to diagnose the interface.

Syntax

diagnose system interface segmentation-offload <intf-name> <action>

Variable

Description

segmentation-offload <intf-name> <action>

Print/set segmentation-offload for all interfaces:

  • <intf-name>: Enter the interface name (or enter all for all interfaces)

  • <action>: Enter one of show/on/off to show or switch on/off interfaces

system mapserver

Use this command to access the map server informantion.

Syntax

diagnose system mapserver get

diagnose system mapserver reset

diagnose system mapserver set <url>

diagnose system mapserver test

Variable

Description

get

Get the current map server.

reset

Reset the map server session.

set <url>

Set the map server. Enter the map server URL.

test

Test the map server connection.

system ntp

Use this command to list NTP server information.

Syntax

diagnose system ntp status

Variable

Description

status

List NTP server information.

system print

Use this command to print server information.

Syntax

diagnose system print connector [adom] <server_type> <server> <tag>

diagnose system print cpuinfo

diagnose system print df [arg0] [arg1] [arg2] .... [arg9]

diagnose system print hosts

diagnose system print interface <interface>

diagnose system print loadavg

diagnose system print netstat

diagnose system print partitions

diagnose system print route

diagnose system print rtcache

diagnose system print slabinfo

diagnose system print sockets

diagnose system print uptime

Variable

Description

connector [adom] <server_type> <server> <tag>

Print connector information. Enter the ADOM name, or Global, the server type (pxGrid, clearpass, or nsx), and then the server name.

cpuinfo

Print the CPU information.

df [arg0] [arg1] [arg2] .... [arg9]

Print the file system disk space usage. Optionally, enter arguments.

hosts

Print the static table lookup for host names.

interface <interface>

Print the specified interface's information.

loadavg

Print the average load of the system.

netstat

Print the network statistics for active Internet connections (servers and established).

partitions

Print the disk partition information.

route

Print the main route list.

rtcache

Print the contents of the routing cache.

slabinfo

Print the slab allocator statistics.

sockets

Print the currently used socket ports.

uptime

Print how long the system has been running.

system process

Use this command to view and kill processes.

Syntax

diagnose system process fdlist <pid>

diagnose system process kill -<signal> <pid>

diagnose system process killall {Scriptmgr | deploymgr | fgfm}

diagnose system process list

Variable

Description

fdlist <pid>

List all file descriptors that the process is using.

  • <pid>: Process ID

kill -<signal> <pid>

Kill a process:

  • -<signal>: Signal name or number, such as -9 or -KILL
  • <pid>: Process ID

killall {Scriptmgr | deploymgr | fgfm}

Kill all the related processes.

list

List all processes running on the FortiAnalyzer. The information displayed includes the PID, user, VSZ, stat, and command.

system raid

Use this command to view RAID information.

This command is only available on hardware-based FortiAnalyzer models that support RAID.

Syntax

diagnose system raid cc <rate> <delay>

diagnose system raid hwinfo

diagnose system raid status

Variable

Description

cc <rate> <delay>

Show/Set RAID consistency check rate (1-100%, 0 = no change) and delay (1-8760 hours, 0 = no change).

hwinfo

Show RAID controller hardware information.

status

Show RAID status.

system route

Use this command to help diagnose routes. The listed information includes the destination IP, gateway IP, netmask, flags, metric, reference, use, and interface for each IPv4 route.

The following flags can appear in the route list table:

  • U: the route is up

  • G: the route is to a gateway

  • H: the route is to a host rather than a network

  • D: the route was dynamically created by a redirect

  • M: the route was modified by a redirect

Syntax

diagnose system route list

system route6

Use this command to help diagnose routes. The listed information includes the destination IP, gateway IP, netmask, flags, metric, reference, use, and interface for each IPv6 route.

For a list of flags that can appear in the route6 list table, see information for the diagnose system route list command above.

Syntax

diagnose system route6 list

system server

Use this command to start the FortiAnalyzer server.

Syntax

diagnose system server start

system

system

Use the following commands for system related settings.

system admin-session

Use this command to view and kill log in sessions.

Syntax

diagnose system admin-session kill <sid>

diagnose system admin-session list

diagnose system admin-session status

Variable

Description

kill <sid>

Kill a current session.

  • <sid>: Session ID

list

List log in sessions.

status

Show the current session.

system disk

Use this command to view disk diagnostic information.

Only usage is available on FortiAnalyzer-VM. Other disk related commands are only available on the hardware-based FortiAnalyzer.

Syntax

diagnose system disk attributes

diagnose system disk delete

diagnose system disk disable

diagnose system disk enable

diagnose system disk health

diagnose system disk info

diagnose system disk errors

diagnose system disk usage <parameter> <parameter> <parameter> <parameter> <parameter> <parameter> <parameter> <parameter> <parameter> <parameter>

Variable

Description

attributes

Show vendor specific SMART attributes.

delete

Delete the disk.

disable

Disable SMART support.

enable

Enable SMART support.

health

Show the SMART health status.

info

Show the SMART information.

errors

Show the SMART error logs.

usage <parameter> ... <parameter>

Display the disk usage. Enter a parameter.

Parameter

Description

-a

Show file sizes.

-L

Follow all symlinks.

-H

Follow symlinks on the command line.

-d N

Limit output to directories (and files with -a) of depth < N.

-c

Show the grand total.

-l

Count sizes many times if hard linked.

-s

Display only a total for each argument.

-x

Skip directories on different file systems.

-h

Sizes in human readable format (e.g., 1K 243M 2G).

-m

Sizes in megabytes.

-k

Sizes in kilobytes (default).

system export

Use this command to export logs.

Syntax

diagnose system export crashlog <ftp server> <username> <password> <directory> <filename>

diagnose system export fmwslog {ftp | sftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

diagnose system export raidlog <ftp server> <username> <password> [remote path] [filename]

diagnose system export umlog {ftp | sftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

diagnose system export upgradelog <ftp server> <username> <password> <directory> <filename>

diagnose system export vartmp <ftp server> <username> <password> <directory> <filename>

Variable

Description

crashlog <ftp server> <username> <password> <directory> <filename>

Export the crash log.

fmwslog {ftp | sftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

Export the web service log files.

The type is the log file prefix and can be: SENT, RECV, or TEST.

raidlog <ftp server> <username> <password> [remote path] [filename]

Export the RAID log.

This command is only available on devices that support RAID.

umlog {ftp | sftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

Export the update manager and firmware manager log files.

The type options are: fdslinkd, fctlinkd, fgdlinkd, fgdsvr, update, service, misc, umad, and fwmlinkd

upgradelog <ftp server> <username> <password> <directory> <filename>

Export the upgrade error log.

vartmp <ftp server> <username> <password> <directory> <filename>

Export the system log files in /var/tmp.

system flash

Use this command to diagnose the flash memory.

Syntax

diagnose system flash list

Variable

Description

list

List flash images.

The information displayed includes the image name, version, total size (KB), used (KB), percent used, boot image, and running image.

system fsck

Use this command to check and repair the file system, and to reset the disk mount count.

Syntax

diagnose system fsck harddisk

diagnose system fsck reset-mount-count

Variable

Description

harddisk

Check and repair the file system, then reboot the system.

reset-mount-count

Reset the mount-count of the disk on the next reboot.

system geoip

Use these commands to get geoip information.

FortiAnalyzer uses a MaxMind GeoLite database of mappings between geographic regions and all public IPv4 addresses that are known to originate from them.

Syntax

diagnose system geoip dump

diagnose system geoip info

diagnose system geoip ip <ip>

Variable

Description

dump

Display all geographic IP information.

info

Display a brief geography IP information.

ip <ip>

Find the specified IP address' country.

Example

Find the country of the IP address 4.3.2.1:

FAZVM64 # diagnose system geoip ip 4.3.2.1

4.3.2.1 : US - United States

system geoip-city

Use these commands to get geographic IP information at a city level.

Syntax

diagnose system geoip-city info

diagnose system geoip-city ip <ip>

Variable

Description

info

Display geographic IP information.

ip <ip>

Find the specified IP address' city.

system interface

Use this command to diagnose the interface.

Syntax

diagnose system interface segmentation-offload <intf-name> <action>

Variable

Description

segmentation-offload <intf-name> <action>

Print/set segmentation-offload for all interfaces:

  • <intf-name>: Enter the interface name (or enter all for all interfaces)

  • <action>: Enter one of show/on/off to show or switch on/off interfaces

system mapserver

Use this command to access the map server informantion.

Syntax

diagnose system mapserver get

diagnose system mapserver reset

diagnose system mapserver set <url>

diagnose system mapserver test

Variable

Description

get

Get the current map server.

reset

Reset the map server session.

set <url>

Set the map server. Enter the map server URL.

test

Test the map server connection.

system ntp

Use this command to list NTP server information.

Syntax

diagnose system ntp status

Variable

Description

status

List NTP server information.

system print

Use this command to print server information.

Syntax

diagnose system print connector [adom] <server_type> <server> <tag>

diagnose system print cpuinfo

diagnose system print df [arg0] [arg1] [arg2] .... [arg9]

diagnose system print hosts

diagnose system print interface <interface>

diagnose system print loadavg

diagnose system print netstat

diagnose system print partitions

diagnose system print route

diagnose system print rtcache

diagnose system print slabinfo

diagnose system print sockets

diagnose system print uptime

Variable

Description

connector [adom] <server_type> <server> <tag>

Print connector information. Enter the ADOM name, or Global, the server type (pxGrid, clearpass, or nsx), and then the server name.

cpuinfo

Print the CPU information.

df [arg0] [arg1] [arg2] .... [arg9]

Print the file system disk space usage. Optionally, enter arguments.

hosts

Print the static table lookup for host names.

interface <interface>

Print the specified interface's information.

loadavg

Print the average load of the system.

netstat

Print the network statistics for active Internet connections (servers and established).

partitions

Print the disk partition information.

route

Print the main route list.

rtcache

Print the contents of the routing cache.

slabinfo

Print the slab allocator statistics.

sockets

Print the currently used socket ports.

uptime

Print how long the system has been running.

system process

Use this command to view and kill processes.

Syntax

diagnose system process fdlist <pid>

diagnose system process kill -<signal> <pid>

diagnose system process killall {Scriptmgr | deploymgr | fgfm}

diagnose system process list

Variable

Description

fdlist <pid>

List all file descriptors that the process is using.

  • <pid>: Process ID

kill -<signal> <pid>

Kill a process:

  • -<signal>: Signal name or number, such as -9 or -KILL
  • <pid>: Process ID

killall {Scriptmgr | deploymgr | fgfm}

Kill all the related processes.

list

List all processes running on the FortiAnalyzer. The information displayed includes the PID, user, VSZ, stat, and command.

system raid

Use this command to view RAID information.

This command is only available on hardware-based FortiAnalyzer models that support RAID.

Syntax

diagnose system raid cc <rate> <delay>

diagnose system raid hwinfo

diagnose system raid status

Variable

Description

cc <rate> <delay>

Show/Set RAID consistency check rate (1-100%, 0 = no change) and delay (1-8760 hours, 0 = no change).

hwinfo

Show RAID controller hardware information.

status

Show RAID status.

system route

Use this command to help diagnose routes. The listed information includes the destination IP, gateway IP, netmask, flags, metric, reference, use, and interface for each IPv4 route.

The following flags can appear in the route list table:

  • U: the route is up

  • G: the route is to a gateway

  • H: the route is to a host rather than a network

  • D: the route was dynamically created by a redirect

  • M: the route was modified by a redirect

Syntax

diagnose system route list

system route6

Use this command to help diagnose routes. The listed information includes the destination IP, gateway IP, netmask, flags, metric, reference, use, and interface for each IPv6 route.

For a list of flags that can appear in the route6 list table, see information for the diagnose system route list command above.

Syntax

diagnose system route6 list

system server

Use this command to start the FortiAnalyzer server.

Syntax

diagnose system server start