Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

debug

Use the following commands to debug the FortiManager.

debug application

Use this command to view or set the debug levels for the FortiManager applications. All of the debug levels are 0 by default.

Syntax

diagnose debug application alertmail <integer>

diagnose debug application apiproxyd <integer>

diagnose debug application clusterd <integer>

diagnose debug application curl <integer>

diagnose debug application ddmd <integer> [deviceName]

diagnose debug application depmanager <integer>

diagnose debug application dmapi <integer>

diagnose debug application dns <integer>

diagnose debug application execmd <integer>

diagnose debug application fazcfgd <integer>

diagnose debug application fazmaild <integer>

diagnose debug application faznotify <integer>

diagnose debug application fazsvcd <integer>

diagnose debug application fazwatchd <integer>

diagnose debug application fdssvrd <integer>

diagnose debug application fgdsvr <integer>

diagnose debug application fgdupd <integer>

diagnose debug application fgfmsd <integer> [deviceName]

diagnose debug application filefwd <integer>

diagnose debug application fnbam <integer>

diagnose debug application fortilogd <integer>

diagnose debug application FortiManagerws <integer>

diagnose debug application fortimeter <integer>

diagnose debug application gui <integer>

diagnose debug application ha <integer>

diagnose debug application ipsec <integer>

diagnose debug application localmod <integer>

diagnose debug application logd <integer>

diagnose debug application log-fetchd <integer>

diagnose debug application logfiled <integer>

diagnose debug application logfwd <integer>

diagnose debug application lrm <integer>

diagnose debug application ntpd <integer>

diagnose debug application oftpd <integer> [IP/deviceSerial/deviceName]

diagnose debug application ptmgr <integer>

diagnose debug application ptsessionmgr <integer>

diagnose debug application rptchkd <integer>

diagnose debug application scheduled <integer>

diagnose debug application securityconsole <integer>

diagnose debug application snmpd <integer>

diagnose debug application sql_dashboard_rpt <integer>

diagnose debug application sql-integration <integer>

diagnose debug application sqllogd <integer>

diagnose debug application sqlplugind <integer>

diagnose debug application sqlrptcached <integer>

diagnose debug application srchd <integer>

diagnose debug application ssh <integer>

diagnose debug application sshd <integer>

diagnose debug application storaged <integer>

diagnose debug application syncsched <integer>

diagnose debug application uploadd <integer>

diagnose debug application vmd <integer>

Variable

Description

alertmail <integer>

Set the debug level of the alert email daemon.

apiproxyd <integer>

Set the debug level of the API proxy daemon.

clusterd <integer>

Set the debug level of the clusterd daemon.

curl <integer>

Set the debug level of the curl daemon. Use this CLI command to enable debug for monitoring progress when performing a backup/restore of a large database via FTP.

ddmd <integer> [deviceName]

Set the debug level of the dynamic data monitor. Enter a device name to only show messages related to that device.

depmanager <integer>

Set the debug level of the deployment manager.

dmworker <integer>

Set the debug level of the deployment manager worker.

dmapi <integer>

Set the debug level of the dmapi daemon.

dns <integer>

Set the debug level of the DNS daemon

execmd <integer>

Set the debug level of the execmd daemon.

fazcfgd <integer>

Set the debug level of the fazcfgd daemon.

fazmaild <integer>

Set the debug level of the fazmaild daemon.

faznotify <integer>

Set the debug level of the faznotify daemon.

fazsvcd <integer>

Set the debug level of the fazsvcd daemon.

fazwatchd <integer>

Set the debug level of the fazwatchd daemon.

fdssvrd <integer>

Set the debug level of the FDS server daemon.

fgdsvr <integer>

Set the debug level of the FortiGuard query daemon.

fgdupd <integer>

Set the debug level of the FortiGuard update daemon.

fgfmsd <integer> [deviceName]

Set the debug level of FGFM daemon. Enter a device name to only show messages related to that device.

filefwd <integer>

Set the debug level of the filefwd daemon.

fnbam <integer>

Set the debug level of the Fortinet authentication module.

fortilogd <integer>

Set the debug level of the fortilogd daemon.

fortimanagerws <integer>

Set the debug level of the FortiManager Web Service.

fortimeter <integer>

Set the debug level of the Fortimeter.

gui <integer>

Set the debug level of the GUI.

ha <integer>

Set the debug level of high availability daemon.

ipsec <integer>

Set the debug level of the IPsec daemon.

localmod <integer>

Set the debug level of the localmod daemon.

logd <integer>

Set the debug level of the log daemon.

log-fetched <integer>

Set the debug level for the log-fetched.

logfiled <integer>

Set the debug level of the logfilled daemon.

logfwd <integer>

Set the debug level of the logfwd daemon.

lrm <integer>

Set the debug level of the Log and Report Manager.

ntpd <integer>

Set the debug level of the NTP daemon.

oftpd <integer> [IP/deviceSerial/deviceName]

Set the debug level of the oftpd daemon. Enter an IPv4 address, device serial number, or device name to only show messages related to that device or IPv4 address.

ptmgr <integer>

Set the debug level of the Portal Manager.

ptsessionmgr <integer>

Set the debug level of the Portal Session Manager.

rptchkd <integer>

Set the debug level of the rptchkd daemon.

scheduled <integer>

Set the debug level of the schedule task daemon.

securityconsole <integer>

Set the debug level of the security console daemon.

snmpd <integer>

Set the debug level of the SNMP daemon.

sql_dashboard_rpt <integer>

Set the debug level of the SQL dashboard report daemon.

sql-integration <integer>

Set the debug level of SQL applications.

sqllogd <integer>

Set the debug level of SQL log daemon.

sqlplugind <integer>

Set the debug level of the SQL plugin daemon.

sqlrptcached <integer>

Set the debug level of the SQL report caching daemon.

srchd <integer>

Set the debug level of the SRCH daemon.

ssh <integer>

Set the debug level of SSH protocol transactions.

sshd <integer>

Set the debug level of the SSH daemon.

storaged <integer>

Set the debug level of communication with java clients.

syncsched <integer>

Set the debug level of the syncsched daemon.

uploadd <integer>

Set the debug level of the upload daemon.

vmd <integer>

Set the debug level for vmd.

Example

This example shows how to set the debug level to 7 for the upload daemon:

diagnose debug application uploadd 7

debug backup-oldformat-script-logs

Use this command to backup script log files that failed to be upgraded to the FTP server.

Syntax

diagnose debug backup-oldformat-script-logs <ip> <string> <username> <password>

Variable

Description

<ip>

Enter the FTP server IP address.

<string>

Enter the path/filename to save the log to the FTP server.

<username>

Enter the user name on the FTP server.

<password>

Enter the password associated with the user name.

debug cli

Use this command to set the debug level of CLI.

Syntax

diagnose debug cli <integer>

Variable

Description

<integer>

Set the debug level of the CLI (0 - 8, default = 3).

debug console

Use this command to enable or disable console debugging.

Syntax

diagnose debug console {enable | disable}

Variable

Description

{enable | disable}

Enable/disable console debugging.

debug crashlog

Use this command to manage crash logs.

Syntax

diagnose debug crashlog clear

diagnose debug crashlog read

Variable

Description

clear

Delete backtrace and core files.

read

Show the crash logs. This command is hidden.

debug disable

Use this command to disable debug.

Syntax

diagnose debug disable

debug dpm

Use this command to manage the deployment manager.

Syntax

diagnose debug dpm comm-trace {enable | disable | status}

diagnose debug dpm conf-trace {enable | disable | status}

diagnose debug dpm probe-device <ip>

Variable

Description

comm-trace {enable | disable | status}

Enable/disable a DPM to FortiGate communication trace, or view the status of it.

conf-trace {enable | disable | status}

Enable/disable a DPM to FortiGate configuration trace, or view the status of it.

probe-device <ip>

Check device status.

debug enable

Use this command to enable debug.

Syntax

diagnose debug enable

debug info

Use this command to show active debug level settings.

Syntax

diagnose debug info

debug klog

Use this command to show all kernel logs.

Syntax

diagnose debug klog

debug reset

Use this command reset the debug level settings. All debug settings will be reset.

Syntax

diagnose debug reset

debug service

Use this command to view or set the debug level of various service daemons.

Syntax

diagnose debug service cdb <integer>

diagnose debug service cmdb <integer>

diagnose debug service csf <integer>

diagnose debug service dvmcmd <integer>

diagnose debug service dvmdb <integer>

diagnose debug service fazconf <integer>

diagnose debug service main <integer>

daignose debug service sys <integer>

diagnose debug service task <integer>

Variable

Description

<integer>

The debug level

debug sysinfo

Use this command to show system information.

Syntax

diagnose debug sysinfo

debug sysinfo-log

Use this command to generate one system log information log file every two minutes.

Syntax

diagnose debug sysinfo-log {on | off}

debug sysinfo-log-backup

Use this command to backup all system information log files to an FTP server.

Syntax

diagnose debug sysinfo-log-backup <server> <filepath> <user> <password>

Variable

Description

<server>

Enter the FTP server IPv4 address.

<filepath>

Enter the path/filename to save the log to the FTP server.

<user>

Enter the user name for the FTP server.

<password>

Enter the password associated with the user name.

debug sysinfo-log-list

Use this command to show system information elogs.

Syntax

diagnose debug sysinfo-log-list <integer>

Variable

Description

<integer>

Display the last n elogs (default = 10).

debug timestamp

Use this command to enable/disable debug timestamp.

Syntax

diagnose debug timestamp {enable | disable}

debug vminfo

Use this command to show VM license information.

This command is only available on FortiManager VM models.

Syntax

diagnose debug vminfo

debug

Use the following commands to debug the FortiManager.

debug application

Use this command to view or set the debug levels for the FortiManager applications. All of the debug levels are 0 by default.

Syntax

diagnose debug application alertmail <integer>

diagnose debug application apiproxyd <integer>

diagnose debug application clusterd <integer>

diagnose debug application curl <integer>

diagnose debug application ddmd <integer> [deviceName]

diagnose debug application depmanager <integer>

diagnose debug application dmapi <integer>

diagnose debug application dns <integer>

diagnose debug application execmd <integer>

diagnose debug application fazcfgd <integer>

diagnose debug application fazmaild <integer>

diagnose debug application faznotify <integer>

diagnose debug application fazsvcd <integer>

diagnose debug application fazwatchd <integer>

diagnose debug application fdssvrd <integer>

diagnose debug application fgdsvr <integer>

diagnose debug application fgdupd <integer>

diagnose debug application fgfmsd <integer> [deviceName]

diagnose debug application filefwd <integer>

diagnose debug application fnbam <integer>

diagnose debug application fortilogd <integer>

diagnose debug application FortiManagerws <integer>

diagnose debug application fortimeter <integer>

diagnose debug application gui <integer>

diagnose debug application ha <integer>

diagnose debug application ipsec <integer>

diagnose debug application localmod <integer>

diagnose debug application logd <integer>

diagnose debug application log-fetchd <integer>

diagnose debug application logfiled <integer>

diagnose debug application logfwd <integer>

diagnose debug application lrm <integer>

diagnose debug application ntpd <integer>

diagnose debug application oftpd <integer> [IP/deviceSerial/deviceName]

diagnose debug application ptmgr <integer>

diagnose debug application ptsessionmgr <integer>

diagnose debug application rptchkd <integer>

diagnose debug application scheduled <integer>

diagnose debug application securityconsole <integer>

diagnose debug application snmpd <integer>

diagnose debug application sql_dashboard_rpt <integer>

diagnose debug application sql-integration <integer>

diagnose debug application sqllogd <integer>

diagnose debug application sqlplugind <integer>

diagnose debug application sqlrptcached <integer>

diagnose debug application srchd <integer>

diagnose debug application ssh <integer>

diagnose debug application sshd <integer>

diagnose debug application storaged <integer>

diagnose debug application syncsched <integer>

diagnose debug application uploadd <integer>

diagnose debug application vmd <integer>

Variable

Description

alertmail <integer>

Set the debug level of the alert email daemon.

apiproxyd <integer>

Set the debug level of the API proxy daemon.

clusterd <integer>

Set the debug level of the clusterd daemon.

curl <integer>

Set the debug level of the curl daemon. Use this CLI command to enable debug for monitoring progress when performing a backup/restore of a large database via FTP.

ddmd <integer> [deviceName]

Set the debug level of the dynamic data monitor. Enter a device name to only show messages related to that device.

depmanager <integer>

Set the debug level of the deployment manager.

dmworker <integer>

Set the debug level of the deployment manager worker.

dmapi <integer>

Set the debug level of the dmapi daemon.

dns <integer>

Set the debug level of the DNS daemon

execmd <integer>

Set the debug level of the execmd daemon.

fazcfgd <integer>

Set the debug level of the fazcfgd daemon.

fazmaild <integer>

Set the debug level of the fazmaild daemon.

faznotify <integer>

Set the debug level of the faznotify daemon.

fazsvcd <integer>

Set the debug level of the fazsvcd daemon.

fazwatchd <integer>

Set the debug level of the fazwatchd daemon.

fdssvrd <integer>

Set the debug level of the FDS server daemon.

fgdsvr <integer>

Set the debug level of the FortiGuard query daemon.

fgdupd <integer>

Set the debug level of the FortiGuard update daemon.

fgfmsd <integer> [deviceName]

Set the debug level of FGFM daemon. Enter a device name to only show messages related to that device.

filefwd <integer>

Set the debug level of the filefwd daemon.

fnbam <integer>

Set the debug level of the Fortinet authentication module.

fortilogd <integer>

Set the debug level of the fortilogd daemon.

fortimanagerws <integer>

Set the debug level of the FortiManager Web Service.

fortimeter <integer>

Set the debug level of the Fortimeter.

gui <integer>

Set the debug level of the GUI.

ha <integer>

Set the debug level of high availability daemon.

ipsec <integer>

Set the debug level of the IPsec daemon.

localmod <integer>

Set the debug level of the localmod daemon.

logd <integer>

Set the debug level of the log daemon.

log-fetched <integer>

Set the debug level for the log-fetched.

logfiled <integer>

Set the debug level of the logfilled daemon.

logfwd <integer>

Set the debug level of the logfwd daemon.

lrm <integer>

Set the debug level of the Log and Report Manager.

ntpd <integer>

Set the debug level of the NTP daemon.

oftpd <integer> [IP/deviceSerial/deviceName]

Set the debug level of the oftpd daemon. Enter an IPv4 address, device serial number, or device name to only show messages related to that device or IPv4 address.

ptmgr <integer>

Set the debug level of the Portal Manager.

ptsessionmgr <integer>

Set the debug level of the Portal Session Manager.

rptchkd <integer>

Set the debug level of the rptchkd daemon.

scheduled <integer>

Set the debug level of the schedule task daemon.

securityconsole <integer>

Set the debug level of the security console daemon.

snmpd <integer>

Set the debug level of the SNMP daemon.

sql_dashboard_rpt <integer>

Set the debug level of the SQL dashboard report daemon.

sql-integration <integer>

Set the debug level of SQL applications.

sqllogd <integer>

Set the debug level of SQL log daemon.

sqlplugind <integer>

Set the debug level of the SQL plugin daemon.

sqlrptcached <integer>

Set the debug level of the SQL report caching daemon.

srchd <integer>

Set the debug level of the SRCH daemon.

ssh <integer>

Set the debug level of SSH protocol transactions.

sshd <integer>

Set the debug level of the SSH daemon.

storaged <integer>

Set the debug level of communication with java clients.

syncsched <integer>

Set the debug level of the syncsched daemon.

uploadd <integer>

Set the debug level of the upload daemon.

vmd <integer>

Set the debug level for vmd.

Example

This example shows how to set the debug level to 7 for the upload daemon:

diagnose debug application uploadd 7

debug backup-oldformat-script-logs

Use this command to backup script log files that failed to be upgraded to the FTP server.

Syntax

diagnose debug backup-oldformat-script-logs <ip> <string> <username> <password>

Variable

Description

<ip>

Enter the FTP server IP address.

<string>

Enter the path/filename to save the log to the FTP server.

<username>

Enter the user name on the FTP server.

<password>

Enter the password associated with the user name.

debug cli

Use this command to set the debug level of CLI.

Syntax

diagnose debug cli <integer>

Variable

Description

<integer>

Set the debug level of the CLI (0 - 8, default = 3).

debug console

Use this command to enable or disable console debugging.

Syntax

diagnose debug console {enable | disable}

Variable

Description

{enable | disable}

Enable/disable console debugging.

debug crashlog

Use this command to manage crash logs.

Syntax

diagnose debug crashlog clear

diagnose debug crashlog read

Variable

Description

clear

Delete backtrace and core files.

read

Show the crash logs. This command is hidden.

debug disable

Use this command to disable debug.

Syntax

diagnose debug disable

debug dpm

Use this command to manage the deployment manager.

Syntax

diagnose debug dpm comm-trace {enable | disable | status}

diagnose debug dpm conf-trace {enable | disable | status}

diagnose debug dpm probe-device <ip>

Variable

Description

comm-trace {enable | disable | status}

Enable/disable a DPM to FortiGate communication trace, or view the status of it.

conf-trace {enable | disable | status}

Enable/disable a DPM to FortiGate configuration trace, or view the status of it.

probe-device <ip>

Check device status.

debug enable

Use this command to enable debug.

Syntax

diagnose debug enable

debug info

Use this command to show active debug level settings.

Syntax

diagnose debug info

debug klog

Use this command to show all kernel logs.

Syntax

diagnose debug klog

debug reset

Use this command reset the debug level settings. All debug settings will be reset.

Syntax

diagnose debug reset

debug service

Use this command to view or set the debug level of various service daemons.

Syntax

diagnose debug service cdb <integer>

diagnose debug service cmdb <integer>

diagnose debug service csf <integer>

diagnose debug service dvmcmd <integer>

diagnose debug service dvmdb <integer>

diagnose debug service fazconf <integer>

diagnose debug service main <integer>

daignose debug service sys <integer>

diagnose debug service task <integer>

Variable

Description

<integer>

The debug level

debug sysinfo

Use this command to show system information.

Syntax

diagnose debug sysinfo

debug sysinfo-log

Use this command to generate one system log information log file every two minutes.

Syntax

diagnose debug sysinfo-log {on | off}

debug sysinfo-log-backup

Use this command to backup all system information log files to an FTP server.

Syntax

diagnose debug sysinfo-log-backup <server> <filepath> <user> <password>

Variable

Description

<server>

Enter the FTP server IPv4 address.

<filepath>

Enter the path/filename to save the log to the FTP server.

<user>

Enter the user name for the FTP server.

<password>

Enter the password associated with the user name.

debug sysinfo-log-list

Use this command to show system information elogs.

Syntax

diagnose debug sysinfo-log-list <integer>

Variable

Description

<integer>

Display the last n elogs (default = 10).

debug timestamp

Use this command to enable/disable debug timestamp.

Syntax

diagnose debug timestamp {enable | disable}

debug vminfo

Use this command to show VM license information.

This command is only available on FortiManager VM models.

Syntax

diagnose debug vminfo