Backing up log files or dumping log messages

When a log issue is caused by a particular log message, it is very help to get logs from that FortiGate. This topic provides steps for using execute log backup or dumping log messages to a USB drive.

Backing up full logs using execute log backup

This command backs up all disk log files and is only available on FortiGates with an SSD disk.

Before running execute log backup, we recommend temporarily stopping miglogd and reportd.

To stop and kill miglogd and reportd:
diagnose sys process daemon-auto-restart disable miglogd
diagnose sys process daemon-auto-restart disable reportd

Or

  1. Determine the process, or thread, ID (PID) of miglogd and reportd:

    # diagnose sys top 10 99
  2. Kill each process:

    # diagnose sys kill 9 <PID>
To store the log file on a USB drive:
  1. Plug in a USB drive into the FortiGate.
  2. Run this command:
     execute log backup /usb/log.tar
To restart miglogd and reportd:
diagnose sys process daemon-auto-restart enable miglogd
diagnose sys process daemon-auto-restart enable reportd

Dumping log messages

To dump log messages: