Fortinet white logo
Fortinet white logo

CLI Reference

debug

debug

Use the following commands to debug the FortiManager.

debug application

Use this command to view or set the debug levels for the FortiManager applications. All of the debug levels are 0 by default.

Syntax

diagnose debug application alertmail <integer>

diagnose debug application apiproxyd <integer>

diagnose debug application auth <integer>

diagnose debug application clusterd <integer>

diagnose debug application connector <integer>

diagnose debug application curl <integer>

diagnose debug application ddmd <integer> [deviceName]

diagnose debug application depmanager <integer>

diagnose debug application dmapi <integer>

diagnose debug application dns <integer>

diagnose debug application docker <integer>

diagnose debug application dump

diagnose debug application execmd <integer>

diagnose debug application fazcfgd <integer>

diagnose debug application fazmaild <integer>

diagnose debug application faznotify <integer>

diagnose debug application fazsvcd <integer>

diagnose debug application fazwatchd <integer>

diagnose debug application fdssvrd <integer>

diagnose debug application fgdsvr <integer>

diagnose debug application fgdupd <integer>

diagnose debug application fgfmsd <integer> [deviceName]

diagnose debug application filefwd <integer>

diagnose debug application fileparsed <integer>

diagnose debug application fortilogd <integer>

diagnose debug application FortiManagerws <integer>

diagnose debug application fortimeter <integer>

diagnose debug application gui <integer>

diagnose debug application ha <integer>

diagnose debug application ipsec <integer>

diagnose debug application localmod <integer>

diagnose debug application logd <integer>

diagnose debug application log-fetchd <integer>

diagnose debug application logfiled <integer>

diagnose debug application logfwd <integer>

diagnose debug application lrm <integer>

diagnose debug application ntpd <integer>

diagnose debug application oftpd <integer> [IP/deviceSerial/deviceName]

diagnose debug application ptmgr <integer>

diagnose debug application ptsessionmgr <integer>

diagnose debug application rptchkd <integer>

diagnose debug application rtmmond <integer>

diagnose debug application scansched <integer>

diagnose debug application scheduled <integer>

diagnose debug application securityconsole <integer>

diagnose debug application siemagentd <integer>

diagnose debug application siemdbd <integer>

diagnose debug application sniffer <integer>

diagnose debug application snmpd <integer>

diagnose debug application sql_dashboard_rpt <integer>

diagnose debug application sql-integration <integer>

diagnose debug application sqllogd <integer>

diagnose debug application sqlplugind <integer>

diagnose debug application sqlrptcached <integer>

diagnose debug application srchd <integer>

diagnose debug application ssh <integer>

diagnose debug application sshd <integer>

diagnose debug application storaged <integer>

diagnose debug application syncsched <integer>

diagnose debug application uploadd <integer>

diagnose debug application vmd <integer>

Variable

Description

alertmail <integer>

Set the debug level of the alert email daemon.

apiproxyd <integer>

Set the debug level of the API proxy daemon.

auth <integer>

Set the debug level of the Fortinet authentication module.

clusterd <integer>

Set the debug level of the clusterd daemon.

connector <integer>

Set the debug level of the connector daemon.

curl <integer>

Set the debug level of the curl daemon. Use this CLI command to enable debug for monitoring progress when performing a backup/restore of a large database via FTP.

ddmd <integer> [deviceName]

Set the debug level of the dynamic data monitor. Enter a device name to only show messages related to that device.

depmanager <integer>

Set the debug level of the deployment manager.

dmworker <integer>

Set the debug level of the deployment manager worker.

dmapi <integer>

Set the debug level of the dmapi daemon.

dns <integer>

Set the debug level of the DNS daemon.

docker <integer>

Set the debug level of the Docker daemon.

dump

Dump services.

execmd <integer>

Set the debug level of the execmd daemon.

fazcfgd <integer>

Set the debug level of the fazcfgd daemon.

fazmaild <integer>

Set the debug level of the fazmaild daemon.

faznotify <integer>

Set the debug level of the faznotify daemon.

fazsvcd <integer>

Set the debug level of the fazsvcd daemon.

fazwatchd <integer>

Set the debug level of the fazwatchd daemon.

fdssvrd <integer>

Set the debug level of the FDS server daemon.

fgdsvr <integer>

Set the debug level of the FortiGuard query daemon.

fgdupd <integer>

Set the debug level of the FortiGuard update daemon.

fgfmsd <integer> [deviceName]

Set the debug level of FGFM daemon. Enter a device name to only show messages related to that device.

filefwd <integer>

Set the debug level of the filefwd daemon.

fileparsed <integer>

Set the debug level of the fileparsed daemon.

fortilogd <integer>

Set the debug level of the fortilogd daemon.

fortimanagerws <integer>

Set the debug level of the FortiManager Web Service.

fortimeter <integer>

Set the debug level of the Fortimeter.

gui <integer>

Set the debug level of the GUI.

ha <integer>

Set the debug level of high availability daemon.

ipsec <integer>

Set the debug level of the IPsec daemon.

localmod <integer>

Set the debug level of the localmod daemon.

logd <integer>

Set the debug level of the log daemon.

log-fetched <integer>

Set the debug level for the log-fetched.

logfiled <integer>

Set the debug level of the logfilled daemon.

logfwd <integer>

Set the debug level of the logfwd daemon.

lrm <integer>

Set the debug level of the Log and Report Manager.

ntpd <integer>

Set the debug level of the NTP daemon.

oftpd <integer> [IP/deviceSerial/deviceName]

Set the debug level of the oftpd daemon. Enter an IPv4 address, device serial number, or device name to only show messages related to that device or IPv4 address.

ptmgr <integer>

Set the debug level of the Portal Manager.

ptsessionmgr <integer>

Set the debug level of the Portal Session Manager.

rptchkd <integer>

Set the debug level of the rptchkd daemon.

rtmmond <integer>

Set the debug level of the real time monitor daemon.

scansched <integer>

Set the debug level of the scan schedule daemon.

scheduled <integer>

Set the debug level of the schedule task daemon.

securityconsole <integer>

Set the debug level of the security console daemon.

siemagentd <integer>

Set the debug level of the siemagentd daemon.

siemdbd <integer>

Set the debug level of the siemdbd daemon.

sniffer <integer>

Set the debug level of the interface sniffer.

snmpd <integer>

Set the debug level of the SNMP daemon.

sql_dashboard_rpt <integer>

Set the debug level of the SQL dashboard report daemon.

sql-integration <integer>

Set the debug level of SQL applications.

sqllogd <integer>

Set the debug level of SQL log daemon.

sqlplugind <integer>

Set the debug level of the SQL plugin daemon.

sqlrptcached <integer>

Set the debug level of the SQL report caching daemon.

srchd <integer>

Set the debug level of the SRCH daemon.

ssh <integer>

Set the debug level of SSH protocol transactions.

sshd <integer>

Set the debug level of the SSH daemon.

storaged <integer>

Set the debug level of communication with java clients.

syncsched <integer>

Set the debug level of the syncsched daemon.

uploadd <integer>

Set the debug level of the upload daemon.

vmd <integer>

Set the debug level for vmd.

Example

This example shows how to set the debug level to 7 for the upload daemon:

diagnose debug application uploadd 7

debug backup-oldformat-script-logs

Use this command to backup script log files that failed to be upgraded to the FTP server.

Syntax

diagnose debug backup-oldformat-script-logs <ip> <string> <username> <password>

Variable

Description

<ip>

Enter the FTP server IP address.

<string>

Enter the path/filename to save the log to the FTP server.

<username>

Enter the user name on the FTP server.

<password>

Enter the password associated with the user name.

debug cdbchk

Use these commands to enable or disable CLI CDB check debug output.

Syntax

diagnose debug cdbcheck {enable | disable}

debug cli

Use this command to set the debug level of CLI.

Syntax

diagnose debug cli <integer>

Variable

Description

<integer>

Set the debug level of the CLI (0 - 8, default = 3).

debug console

Use this command to enable or disable console debugging.

Syntax

diagnose debug console {enable | disable}

Variable

Description

{enable | disable}

Enable/disable console debugging.

debug coredump

Use this command to manage daemon and process core dumps.

Syntax

diagnose debug coredump crash-pid <pid>

diagnose debug coredump delete <daemon>

diagnose debug coredump disable <daemon>

diagnose debug coredump disable-pid <pid>

diagnose debug coredump enable <daemon>

diagnose debug coredump enable-once <daemon>

diagnose debug coredump enable-pid <pid>

diagnose debug coredump list

diagnose debug coredump upload <daemon> <service> <ip> <username> <password> <directory>

Variable

Description

crash-pid <pid>

Crash running process for core dump.

delete <daemon>

Delete core dumps for a daemon.

disable <daemon>

Disable core dump for a daemon.

disable-pid <pid>

Disable core dump of running process.

enable <daemon>

Enable core dump for a daemon.

enable-once <daemon>

Enable core dump the next time a daemon starts (one time only).

enable-pid <pid>

Enable core dump of running process.

list

List core dumps.

upload <daemon> <service> <ip> <username> <password> <directory>

Upload core dumps for a daemon to the specified server.

debug crashlog

Use this command to manage crash logs.

Syntax

diagnose debug crashlog clear

diagnose debug crashlog read

Variable

Description

clear

Delete backtrace and core files.

read

Show the crash logs. This command is hidden.

debug disable

Use this command to disable debug.

Syntax

diagnose debug disable

debug dpm

Use this command to manage the deployment manager.

Syntax

diagnose debug dpm comm-trace {enable | disable | status}

diagnose debug dpm conf-trace {enable | disable | status}

diagnose debug dpm probe-device <ip>

Variable

Description

comm-trace {enable | disable | status}

Enable/disable a DPM to FortiGate communication trace, or view the status of it.

conf-trace {enable | disable | status}

Enable/disable a DPM to FortiGate configuration trace, or view the status of it.

probe-device <ip>

Check device status.

debug enable

Use this command to enable debug.

Syntax

diagnose debug enable

debug gui

Use these commands to enable or disable the GUI debug flag.

Syntax

diagnose debug gui {enable | disable}

debug info

Use this command to show active debug level settings.

Syntax

diagnose debug info

debug klog

Use this command to show all kernel logs.

Syntax

diagnose debug klog

debug reset

Use this command reset the debug level settings. All debug settings will be reset.

Syntax

diagnose debug reset

debug service

Use this command to view or set the debug level of various service daemons.

Syntax

diagnose debug service anonymous <integer>

diagnose debug service cdb <integer>

diagnose debug service cmdb <integer>

diagnose debug service csf <integer>

diagnose debug service dbcache <integer>

diagnose debug service dump

diagnose debug service dvmcmd <integer>

diagnose debug service dvmdb <integer>

diagnose debug service fazcmd <integer>

diagnose debug service fazconf <integer>

diagnose debug service httpd <integer>

diagnose debug service main <integer>

diagnose debug service rpc-auth <integer>

diagnose debug service rtm <integer>

diagnose debug service sys <integer>

diagnose debug service task <integer>

Variable

Description

<integer>

The debug level

dump

Dump services.

The anonymous, dbcache, dump, fazcmd, and rpc-auth commands are only available on hardware devices.

debug sysinfo

Use this command to show system information.

Syntax

diagnose debug sysinfo

debug sysinfo-log

Use this command to generate one system log information log file every two minutes.

Syntax

diagnose debug sysinfo-log {on | off}

debug sysinfo-log-backup

Use this command to backup all system information log files to an FTP server.

Syntax

diagnose debug sysinfo-log-backup <server> <filepath> <user> <password>

Variable

Description

<server>

Enter the FTP server IPv4 address.

<filepath>

Enter the path/filename to save the log to the FTP server.

<user>

Enter the user name for the FTP server.

<password>

Enter the password associated with the user name.

debug sysinfo-log-list

Use this command to show system information elogs.

Syntax

diagnose debug sysinfo-log-list <integer>

Variable

Description

<integer>

Display the last n elogs (default = 10).

debug timestamp

Use this command to enable/disable debug timestamp.

Syntax

diagnose debug timestamp {enable | disable}

debug vmd

Use this command to show all the VMD (Virtual Machine Daemon) logs.

Syntax

diagnose debug vmd

debug vminfo

Use this command to show VM license information.

This command is only available on FortiManager VM models.

Syntax

diagnose debug vminfo

debug

debug

Use the following commands to debug the FortiManager.

debug application

Use this command to view or set the debug levels for the FortiManager applications. All of the debug levels are 0 by default.

Syntax

diagnose debug application alertmail <integer>

diagnose debug application apiproxyd <integer>

diagnose debug application auth <integer>

diagnose debug application clusterd <integer>

diagnose debug application connector <integer>

diagnose debug application curl <integer>

diagnose debug application ddmd <integer> [deviceName]

diagnose debug application depmanager <integer>

diagnose debug application dmapi <integer>

diagnose debug application dns <integer>

diagnose debug application docker <integer>

diagnose debug application dump

diagnose debug application execmd <integer>

diagnose debug application fazcfgd <integer>

diagnose debug application fazmaild <integer>

diagnose debug application faznotify <integer>

diagnose debug application fazsvcd <integer>

diagnose debug application fazwatchd <integer>

diagnose debug application fdssvrd <integer>

diagnose debug application fgdsvr <integer>

diagnose debug application fgdupd <integer>

diagnose debug application fgfmsd <integer> [deviceName]

diagnose debug application filefwd <integer>

diagnose debug application fileparsed <integer>

diagnose debug application fortilogd <integer>

diagnose debug application FortiManagerws <integer>

diagnose debug application fortimeter <integer>

diagnose debug application gui <integer>

diagnose debug application ha <integer>

diagnose debug application ipsec <integer>

diagnose debug application localmod <integer>

diagnose debug application logd <integer>

diagnose debug application log-fetchd <integer>

diagnose debug application logfiled <integer>

diagnose debug application logfwd <integer>

diagnose debug application lrm <integer>

diagnose debug application ntpd <integer>

diagnose debug application oftpd <integer> [IP/deviceSerial/deviceName]

diagnose debug application ptmgr <integer>

diagnose debug application ptsessionmgr <integer>

diagnose debug application rptchkd <integer>

diagnose debug application rtmmond <integer>

diagnose debug application scansched <integer>

diagnose debug application scheduled <integer>

diagnose debug application securityconsole <integer>

diagnose debug application siemagentd <integer>

diagnose debug application siemdbd <integer>

diagnose debug application sniffer <integer>

diagnose debug application snmpd <integer>

diagnose debug application sql_dashboard_rpt <integer>

diagnose debug application sql-integration <integer>

diagnose debug application sqllogd <integer>

diagnose debug application sqlplugind <integer>

diagnose debug application sqlrptcached <integer>

diagnose debug application srchd <integer>

diagnose debug application ssh <integer>

diagnose debug application sshd <integer>

diagnose debug application storaged <integer>

diagnose debug application syncsched <integer>

diagnose debug application uploadd <integer>

diagnose debug application vmd <integer>

Variable

Description

alertmail <integer>

Set the debug level of the alert email daemon.

apiproxyd <integer>

Set the debug level of the API proxy daemon.

auth <integer>

Set the debug level of the Fortinet authentication module.

clusterd <integer>

Set the debug level of the clusterd daemon.

connector <integer>

Set the debug level of the connector daemon.

curl <integer>

Set the debug level of the curl daemon. Use this CLI command to enable debug for monitoring progress when performing a backup/restore of a large database via FTP.

ddmd <integer> [deviceName]

Set the debug level of the dynamic data monitor. Enter a device name to only show messages related to that device.

depmanager <integer>

Set the debug level of the deployment manager.

dmworker <integer>

Set the debug level of the deployment manager worker.

dmapi <integer>

Set the debug level of the dmapi daemon.

dns <integer>

Set the debug level of the DNS daemon.

docker <integer>

Set the debug level of the Docker daemon.

dump

Dump services.

execmd <integer>

Set the debug level of the execmd daemon.

fazcfgd <integer>

Set the debug level of the fazcfgd daemon.

fazmaild <integer>

Set the debug level of the fazmaild daemon.

faznotify <integer>

Set the debug level of the faznotify daemon.

fazsvcd <integer>

Set the debug level of the fazsvcd daemon.

fazwatchd <integer>

Set the debug level of the fazwatchd daemon.

fdssvrd <integer>

Set the debug level of the FDS server daemon.

fgdsvr <integer>

Set the debug level of the FortiGuard query daemon.

fgdupd <integer>

Set the debug level of the FortiGuard update daemon.

fgfmsd <integer> [deviceName]

Set the debug level of FGFM daemon. Enter a device name to only show messages related to that device.

filefwd <integer>

Set the debug level of the filefwd daemon.

fileparsed <integer>

Set the debug level of the fileparsed daemon.

fortilogd <integer>

Set the debug level of the fortilogd daemon.

fortimanagerws <integer>

Set the debug level of the FortiManager Web Service.

fortimeter <integer>

Set the debug level of the Fortimeter.

gui <integer>

Set the debug level of the GUI.

ha <integer>

Set the debug level of high availability daemon.

ipsec <integer>

Set the debug level of the IPsec daemon.

localmod <integer>

Set the debug level of the localmod daemon.

logd <integer>

Set the debug level of the log daemon.

log-fetched <integer>

Set the debug level for the log-fetched.

logfiled <integer>

Set the debug level of the logfilled daemon.

logfwd <integer>

Set the debug level of the logfwd daemon.

lrm <integer>

Set the debug level of the Log and Report Manager.

ntpd <integer>

Set the debug level of the NTP daemon.

oftpd <integer> [IP/deviceSerial/deviceName]

Set the debug level of the oftpd daemon. Enter an IPv4 address, device serial number, or device name to only show messages related to that device or IPv4 address.

ptmgr <integer>

Set the debug level of the Portal Manager.

ptsessionmgr <integer>

Set the debug level of the Portal Session Manager.

rptchkd <integer>

Set the debug level of the rptchkd daemon.

rtmmond <integer>

Set the debug level of the real time monitor daemon.

scansched <integer>

Set the debug level of the scan schedule daemon.

scheduled <integer>

Set the debug level of the schedule task daemon.

securityconsole <integer>

Set the debug level of the security console daemon.

siemagentd <integer>

Set the debug level of the siemagentd daemon.

siemdbd <integer>

Set the debug level of the siemdbd daemon.

sniffer <integer>

Set the debug level of the interface sniffer.

snmpd <integer>

Set the debug level of the SNMP daemon.

sql_dashboard_rpt <integer>

Set the debug level of the SQL dashboard report daemon.

sql-integration <integer>

Set the debug level of SQL applications.

sqllogd <integer>

Set the debug level of SQL log daemon.

sqlplugind <integer>

Set the debug level of the SQL plugin daemon.

sqlrptcached <integer>

Set the debug level of the SQL report caching daemon.

srchd <integer>

Set the debug level of the SRCH daemon.

ssh <integer>

Set the debug level of SSH protocol transactions.

sshd <integer>

Set the debug level of the SSH daemon.

storaged <integer>

Set the debug level of communication with java clients.

syncsched <integer>

Set the debug level of the syncsched daemon.

uploadd <integer>

Set the debug level of the upload daemon.

vmd <integer>

Set the debug level for vmd.

Example

This example shows how to set the debug level to 7 for the upload daemon:

diagnose debug application uploadd 7

debug backup-oldformat-script-logs

Use this command to backup script log files that failed to be upgraded to the FTP server.

Syntax

diagnose debug backup-oldformat-script-logs <ip> <string> <username> <password>

Variable

Description

<ip>

Enter the FTP server IP address.

<string>

Enter the path/filename to save the log to the FTP server.

<username>

Enter the user name on the FTP server.

<password>

Enter the password associated with the user name.

debug cdbchk

Use these commands to enable or disable CLI CDB check debug output.

Syntax

diagnose debug cdbcheck {enable | disable}

debug cli

Use this command to set the debug level of CLI.

Syntax

diagnose debug cli <integer>

Variable

Description

<integer>

Set the debug level of the CLI (0 - 8, default = 3).

debug console

Use this command to enable or disable console debugging.

Syntax

diagnose debug console {enable | disable}

Variable

Description

{enable | disable}

Enable/disable console debugging.

debug coredump

Use this command to manage daemon and process core dumps.

Syntax

diagnose debug coredump crash-pid <pid>

diagnose debug coredump delete <daemon>

diagnose debug coredump disable <daemon>

diagnose debug coredump disable-pid <pid>

diagnose debug coredump enable <daemon>

diagnose debug coredump enable-once <daemon>

diagnose debug coredump enable-pid <pid>

diagnose debug coredump list

diagnose debug coredump upload <daemon> <service> <ip> <username> <password> <directory>

Variable

Description

crash-pid <pid>

Crash running process for core dump.

delete <daemon>

Delete core dumps for a daemon.

disable <daemon>

Disable core dump for a daemon.

disable-pid <pid>

Disable core dump of running process.

enable <daemon>

Enable core dump for a daemon.

enable-once <daemon>

Enable core dump the next time a daemon starts (one time only).

enable-pid <pid>

Enable core dump of running process.

list

List core dumps.

upload <daemon> <service> <ip> <username> <password> <directory>

Upload core dumps for a daemon to the specified server.

debug crashlog

Use this command to manage crash logs.

Syntax

diagnose debug crashlog clear

diagnose debug crashlog read

Variable

Description

clear

Delete backtrace and core files.

read

Show the crash logs. This command is hidden.

debug disable

Use this command to disable debug.

Syntax

diagnose debug disable

debug dpm

Use this command to manage the deployment manager.

Syntax

diagnose debug dpm comm-trace {enable | disable | status}

diagnose debug dpm conf-trace {enable | disable | status}

diagnose debug dpm probe-device <ip>

Variable

Description

comm-trace {enable | disable | status}

Enable/disable a DPM to FortiGate communication trace, or view the status of it.

conf-trace {enable | disable | status}

Enable/disable a DPM to FortiGate configuration trace, or view the status of it.

probe-device <ip>

Check device status.

debug enable

Use this command to enable debug.

Syntax

diagnose debug enable

debug gui

Use these commands to enable or disable the GUI debug flag.

Syntax

diagnose debug gui {enable | disable}

debug info

Use this command to show active debug level settings.

Syntax

diagnose debug info

debug klog

Use this command to show all kernel logs.

Syntax

diagnose debug klog

debug reset

Use this command reset the debug level settings. All debug settings will be reset.

Syntax

diagnose debug reset

debug service

Use this command to view or set the debug level of various service daemons.

Syntax

diagnose debug service anonymous <integer>

diagnose debug service cdb <integer>

diagnose debug service cmdb <integer>

diagnose debug service csf <integer>

diagnose debug service dbcache <integer>

diagnose debug service dump

diagnose debug service dvmcmd <integer>

diagnose debug service dvmdb <integer>

diagnose debug service fazcmd <integer>

diagnose debug service fazconf <integer>

diagnose debug service httpd <integer>

diagnose debug service main <integer>

diagnose debug service rpc-auth <integer>

diagnose debug service rtm <integer>

diagnose debug service sys <integer>

diagnose debug service task <integer>

Variable

Description

<integer>

The debug level

dump

Dump services.

The anonymous, dbcache, dump, fazcmd, and rpc-auth commands are only available on hardware devices.

debug sysinfo

Use this command to show system information.

Syntax

diagnose debug sysinfo

debug sysinfo-log

Use this command to generate one system log information log file every two minutes.

Syntax

diagnose debug sysinfo-log {on | off}

debug sysinfo-log-backup

Use this command to backup all system information log files to an FTP server.

Syntax

diagnose debug sysinfo-log-backup <server> <filepath> <user> <password>

Variable

Description

<server>

Enter the FTP server IPv4 address.

<filepath>

Enter the path/filename to save the log to the FTP server.

<user>

Enter the user name for the FTP server.

<password>

Enter the password associated with the user name.

debug sysinfo-log-list

Use this command to show system information elogs.

Syntax

diagnose debug sysinfo-log-list <integer>

Variable

Description

<integer>

Display the last n elogs (default = 10).

debug timestamp

Use this command to enable/disable debug timestamp.

Syntax

diagnose debug timestamp {enable | disable}

debug vmd

Use this command to show all the VMD (Virtual Machine Daemon) logs.

Syntax

diagnose debug vmd

debug vminfo

Use this command to show VM license information.

This command is only available on FortiManager VM models.

Syntax

diagnose debug vminfo