Administration Guide

Backing up log files or dumping log messages

When a log issue is caused by a particular log message, it is very helpful to get logs from that FortiGate. This topic provides steps for using execute log backup or dumping log messages to a USB drive.

Backing up full logs using execute log backup

This command backs up all disk log files and is only available on FortiGates with an SSD disk.

Before running execute log backup, we recommend temporarily stopping miglogd and reportd.

To stop and kill miglogd and reportd:

    diagnose sys process daemon-auto-restart disable miglogd
    diagnose sys process daemon-auto-restart disable reportd

Or

  1. Determine the process, or thread, ID (PID) of miglogd and reportd:

    # diagnose sys top 10 99
  2. Kill each process:

    # diagnose sys kill 9 <PID>

To store the log file on a USB drive:
  1. Plug a USB drive into the FortiGate.
  2. Run this command:
    execute log backup /usb/log.tar

To restart miglogd and reportd:

    diagnose sys process daemon-auto-restart enable miglogd
    diagnose sys process daemon-auto-restart enable reportd

Dumping log messages

To dump log messages:
  1. Enable log dumping for miglogd daemon:
    (global) # diagnose test application miglogd 26 1
    miglogd(1) log dumping is enabled
  2. Display all miglogd dumping status:
    (global) # diagnose test application miglogd 26 0 255
    miglogd(0) log dumping is disabled
    miglogd(1) log dumping is enabled
    miglogd(2) log dumping is disabled
    (global) # diagnose test application miglogd 26 2
    miglogd(2) log dumping is enabled
    
    (global) # diagnose test application miglogd 26 0
    miglogd(0) log dumping is enabled
    
    (global) # diagnose test application miglogd 26 0 255
    miglogd(0) log dumping is enabled
    miglogd(1) log dumping is enabled
    miglogd(2) log dumping is enabled
  3. Let the FortiGate run and collect log messages.
  4. List the log dump files:
    (global) # diagnose test application miglogd 33
    2019-04-17 15:50:02          20828      log-1-0.dat
    2019-04-17 15:48:31           4892      log-2-0.dat
  5. Back up log dump files to the USB drive:
    (global) # diagnose test application miglogd 34
    
    Dumping file miglog1_index0.dat copied to USB disk OK.
    
    Dumping file miglog2_index0.dat copied to USB disk OK.
  6. Disable log dumping for miglogd daemon:
    (global) # diagnose test application miglogd 26 0
    miglogd(0) log dumping is disabled
    
    (global) # diagnose test application miglogd 26 1
    miglogd(1) log dumping is disabled
    
    (global) # diagnose test application miglogd 26 2
    miglogd(2) log dumping is disabled
    
    (global) # diagnose test application miglogd 26 0 255
    miglogd(0) log dumping is disabled
    miglogd(1) log dumping is disabled
    miglogd(2) log dumping is disabled
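
An added example (not part of the Fortinet guide): a Python check, run on a workstation against a saved copy of the CLI session, that lists the dump files reported in step 4 and flags any miglogd instance whose last reported state is still enabled after step 6. The sample transcript is constructed from the output format shown above, and the function names are this example's own.

```python
import re

# Line formats taken from the CLI output shown in the steps above.
STATE_RE = re.compile(r"miglogd\((\d+)\) log dumping is (enabled|disabled)")
FILE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+\.dat)\s*$")

def final_dump_states(transcript):
    """Map each miglogd instance to the last state the session reported."""
    states = {}
    for line in transcript.splitlines():
        m = STATE_RE.search(line)
        if m:
            states[int(m.group(1))] = m.group(2)  # later lines overwrite earlier
    return states

def still_enabled(transcript):
    """Instances left dumping at the end of the captured session."""
    states = final_dump_states(transcript)
    return sorted(i for i, s in states.items() if s == "enabled")

def dump_files(transcript):
    """(name, size, timestamp) for each entry of the dump file listing."""
    found = []
    for line in transcript.splitlines():
        m = FILE_RE.match(line)
        if m:
            found.append((m.group(3), int(m.group(2)), m.group(1)))
    return found

# Constructed sample: instance 2 was never switched back off.
SAMPLE = """\
(global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is enabled
miglogd(1) log dumping is enabled
miglogd(2) log dumping is enabled
(global) # diagnose test application miglogd 33
2019-04-17 15:50:02          20828      log-1-0.dat
2019-04-17 15:48:31           4892      log-2-0.dat
(global) # diagnose test application miglogd 26 0
miglogd(0) log dumping is disabled
(global) # diagnose test application miglogd 26 1
miglogd(1) log dumping is disabled
"""

if __name__ == "__main__":
    print("dump files:", dump_files(SAMPLE))
    print("instances still dumping:", still_enabled(SAMPLE))
```

The output above shows the same command reporting enabled in step 1 and disabled in step 6, so the check keys on the last reported state per instance rather than on how many times a command was issued.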
