Backing up log files or dumping log messages
When a log issue is caused by a particular log message, it is very help to get logs from that FortiGate. This topic provides steps for using execute log backup
or dumping log messages to a USB drive.
Backing up full logs using execute log backup
This command backs up all disk log files and is only available on FortiGates with an SSD disk.
Before running execute log backup
, we recommend temporarily stopping miglogd
and reportd
.
To stop and kill miglogd and reportd:
diagnose sys process daemon-auto-restart disable miglogd diagnose sys process daemon-auto-restart disable reportd
Or
-
Determine the process, or thread, ID (PID) of
miglogd
andreportd
:# diagnose sys top 10 99
-
Kill each process:
# diagnose sys kill 9 <PID>
To store the log file on a USB drive:
- Plug in a USB drive into the FortiGate.
- Run this command:
execute log backup /usb/log.tar
To restart miglogd and reportd:
diagnose sys process daemon-auto-restart enable miglogd diagnose sys process daemon-auto-restart enable reportd
Dumping log messages
To dump log messages:
- Enable log dumping for
miglogd
daemon:(global) # diagnose test application miglogd 26 1 miglogd(1) log dumping is enabled
- Display all
miglogd
dumping status:global) # diagnose test application miglogd 26 0 255 miglogd(0) log dumping is disabled miglogd(1) log dumping is enabled miglogd(2) log dumping is disabled
(global) # diagnose test application miglogd 26 2 miglogd(2) log dumping is enabled (global) # diagnose test application miglogd 26 0 miglogd(0) log dumping is enabled (global) # diagnose test application miglogd 26 0 255 miglogd(0) log dumping is enabled miglogd(1) log dumping is enabled miglogd(2) log dumping is enabled
- Let the FortiGate run and collect log messages.
- List the log dump files:
(global) # diagnose test application miglogd 33 2019-04-17 15:50:02 20828 log-1-0.dat 2019-04-17 15:48:31 4892 log-2-0.dat
- Back up log dump files to the USB drive:
(global) # diagnose test application miglogd 34 Dumping file miglog1_index0.dat copied to USB disk OK. Dumping file miglog2_index0.dat copied to USB disk OK.
- Disable log dumping for
miglogd
daemon:(global) # diagnose test application miglogd 26 0 miglogd(0) log dumping is disabled (global) # diagnose test application miglogd 26 1 miglogd(1) log dumping is disabled (global) # diagnose test application miglogd 26 2 miglogd(2) log dumping is disabled (global) # diagnose test application miglogd 26 0 255 miglogd(0) log dumping is disabled miglogd(1) log dumping is disabled miglogd(2) log dumping is disabled