Diagnose commands
diagnose debug
Use this command to turn debug options on or off, set debug log levels, or check the FortiNDR log.
Syntax
diagnose debug application {cmdb_event | csfd | hahbd | hasyncd | httpd | miglogd | sshd | updated} <debug_level>
diagnose debug cli <debug_level>
diagnose debug coredump {clear|delete|disable|enable|list|status|upload}
diagnose debug crashlog <crash_log_date>
diagnose debug {enable | disable}
debug file {clear|disable|enable|info|show|upload}
diagnose debug kernel <debug_level>
diagnose debug process <process_name>
|
Variable |
Description |
Default |
|---|---|---|
|
|
A number from 0 to 8. |
|
|
|
A date in the format of yyyy-mm-dd to filter the crash log by date. |
|
|
|
A specific process name. Available processes and explanations are as follows:
|
|
|
Module/daemon |
Description |
|---|---|
|
|
Monitor FortiNDR configuration change events. |
|
|
Daemon responsible for Fortinet security fabric(csf) connection. |
|
|
Daemon responsible for HA heartbeat events. |
|
|
Daemon responsible for HA data synchronization. |
|
|
Daemon responsible for https service. |
|
|
Daemon responsible for LDAP server querying service. |
|
|
Daemon responsible for system log generation. |
|
|
Daemon responsible for SSH connections. |
|
|
Daemon responsible for FortiNDR license and ANN DB updates. |
diagnose hardware
Use this command to display FortiAI device status and information, read data from an I/O port, list information on PCI buses and connected devices, set PCI configuration space data, and list system hardware information.
Syntax
diagnose hardware acceleratorinfo
diagnose hardware deviceinfo {nic | nic-detail}
diagnose hardware ioport {byte | word | long} <correspond_data>
diagnose hardware pciconfig {bus| id | option} <correspond data>
diagnose hardware setpci pciconfig <device> <register> <data> option <option>
diagnose hardware sysinfo {cpu | interrupts | iomem | ioports | memory | mtrr | slab | stream | df}
|
Variable |
Description |
Default |
|---|---|---|
|
|
Diagnose the accelerator status and information. |
|
|
|
Diagnose the list device status and information. |
|
|
|
Diagnose the process of reading data from an I/O port. |
|
|
|
Diagnose the list information on PCI buses and connected devices. |
|
|
|
Diagnose the process of setting PCI configuration space data. |
|
|
|
Diagnose the list system hardware information. |
diagnose kdb
Use this command to diagnose ANN DB (KDB) and display version.
Syntax
diagnose kdb
diagnose sniffer dump
Use this comand to dump the data flow records of the network port to a specific TFTP server.
Ensure the remote TFTP files are created.
Syntax
diagnose sniffer dump <tftp IP> <local sniffer file name> <remote tftp server file name>
diagnose sniffer file
Use this command to manage the tcpdump recorded by the sniffer packet command.
Syntax
diagnose sniffer file {display|clear}
diagnose sniffer packet
Use this comand to diagnose the sniffer database by dumping and checking data flow records of the network port.
Ensure the remote TFTP files are created.
Syntax
diagnose sniffer packet <interface> <filter> <verbose> <count> <time format> <file name> <ttl> {background|NULL}
diagnose sniffer packet {stop|status}
|
Variable |
Description |
Default |
|---|---|---|
|
|
If an interface is specified, the tcpdump starts a process recording the data flow of that port. Use Use |
any
|
|
|
For example, to print UDP 1812 traffic between |
|
|
|
Set the verbosity of the record. The options are:
|
|
|
|
Maximum number of packets to be recorded in this attempt. |
|
|
|
Time format of the record. The options are:
|
relative
|
|
|
File name of the record for this recording attempt. |
|
|
|
Maximum time allowed for this record attempt to run (in minutes). |
|
|
|
Optional variable to specify if this recording attempt executes in the backend or displays on the console. |
|
diagnose session list
Use this command to diagnose the active session lists.
Syntax
diagnose session list
Example
System Time: 2019-11-21 13:51:48 PST (Uptime: 1d 22h 36m)
Protocol Remote IP Remote Port Local IP Local Port Expire(s)
tcp 72.19.122.220 57575 172.19.122.250 5432 22
tcp 172.19.122.220 52413 172.19.122.250 22 320
diagnose system csf global
Show a summary of all connected members in Security Fabric.
Syntax
diagnose system csf global
Example
{
"path":"FGVM16TM00000000:FAI35FT000000000",
"mgmt_ip_str":"",
"mgmt_port":443,
"sync_mode":1,
"saml_role":"disable",
"admin_port":443,
"serial":"FAI35FT000000000",
"host_name":"FAI35FT000000000",
"firmware_version_major":1,
"firmware_version_minor":5,
"firmware_version_patch":0,
"firmware_version_build":1,
"device_type":"fortiai",
"upstream_intf":"port1",
"upstream_serial":"FGVM16TM00000000",
"parent_serial":"FGVM16TM00000000",
"parent_hostname":"FGVM",
"upstream_status":"Authorized",
"upstream_ip":-68480084,
"upstream_ip_str":"172.19.1.1",
"subtree_members":[
],
"is_discovered":true,
"ip_str":"172.19.1.2",
"downstream_intf":"port2",
"upstream_vdom":"root",
"authorization_type":"certificate",
"authorization_entry_name":"FAI35FT000000000",
"idx":3
}
diagnose system csf upstream
Show connected upstream FortiGates.
Syntax
diagnose system csf upstream
Example
System Time: 2021-04-11 01:01:01PDT (Uptime: 0d 1h 0m) Upstream Information: Serial Number:FGVM16TM00000000 IP:172.19.1.1 Connecting interface:port1 Connection status:Authorized Saml setting not generated
diagnose system disk info
Disk hardware status information.
Syntax
diagnose system disk info
Example
System Time: 2020-06-06 11:57:01 PDT (Uptime: 0d 21h 11m) Disk 0: Device Model: SSDSC2KB038T8R Serial Number: PHYF915502NZ3P8EGN LU WWN Device Id: 5 5cd2e4 150d5a715 Add. Product Id: DELL(tm) Firmware Version: XCV1DL63 User Capacity: 3,840,755,982,336 bytes [3.84 TB] Sector Sizes: 512 bytes logical, 4096 bytes physical Rotation Rate: Solid State Device Form Factor: 2.5 inches Device is: Not in smartctl database [for details use: -P showall] ATA Version is: ACS-3 (unknown minor revision code: 0x006d) SATA Version is: SATA >3.1, 6.0 Gb/s (current: 6.0 Gb/s) Local Time is: Sat Jun 6 11:57:01 2020 PDT SMART support is: Available - device has SMART capability. SMART support is: Enabled Disk 1: Device Model: SSDSC2KB038T8R Serial Number: PHYF915502R93P8EGN LU WWN Device Id: 5 5cd2e4 150d5a75d Add. Product Id: DELL(tm) Firmware Version: XCV1DL63 User Capacity: 3,840,755,982,336 bytes [3.84 TB] Sector Sizes: 512 bytes logical, 4096 bytes physical Rotation Rate: Solid State Device Form Factor: 2.5 inches Device is: Not in smartctl database [for details use: -P showall] ATA Version is: ACS-3 (unknown minor revision code: 0x006d) SATA Version is: SATA >3.1, 6.0 Gb/s (current: 6.0 Gb/s) Local Time is: Sat Jun 6 11:57:01 2020 PDT SMART support is: Available - device has SMART capability. SMART support is: Enabled
diagnose system disk summary
Summary of smartctl details.
Syntax
diagnose system disk summary
Example
System Time: 2020-06-06 11:58:52 PDT (Uptime: 0d 21h 13m)
Smartctl Results
Overall Realloc Pending Seek
Device Health Sectors Sectors Count Last Run Test
--------------------------------------------------------------------------
/dev/sda PASSED 0 0 0 extended,completed without error
/dev/sda PASSED 0 0 0 extended,completed without error
/dev/sdb NOT-SUPPORTED
diagnose system disk health
Health information of this disk.
Syntax
diagnose system disk health
Example
System Time: 2019-11-21 18:24:26 GMT (Uptime: 0d 0h 0m) smartctl 6.3 2014-07-26 r3976 [x86_64-linux-4.9.60-3500F] (local build) Copyright (C) 2002-14, Bruce Allen, Christian Franke, www.smartmontools.org /dev/sda [megaraid_disk_00] [SAT]: Device open changed type from 'megaraid,0' to 'sat+megaraid,0' === START OF READ SMART DATA SECTION === SMART Status not supported: ATA return descriptor not supported by controller firmware SMART overall-health self-assessment test result: PASSED Warning: This result is based on an Attribute check. smartctl 6.3 2014-07-26 r3976 [x86_64-linux-4.9.60-3500F] (local build) Copyright (C) 2002-14, Bruce Allen, Christian Franke, www.smartmontools.org /dev/sda [megaraid_disk_01] [SAT]: Device open changed type from 'megaraid,1' to 'sat+megaraid,1' === START OF READ SMART DATA SECTION === SMART Status not supported: ATA return descriptor not supported by controller firmware SMART overall-health self-assessment test result: PASSED Warning: This result is based on an Attribute check. smartctl 6.3 2014-07-26 r3976 [x86_64-linux-4.9.60-3500F] (local build) Copyright (C) 2002-14, Bruce Allen, Christian Franke, www.smartmontools.org /dev/sdb: Unknown USB bridge [0x196d:0x0201 (0x1120)] Please specify device type with the -d option. Use smartctl -h to get a usage summary
diagnose system disk attributes
Information about the attributes of this disk.
Syntax
diagnose system disk attributes
Example
diagnose system disk attributes System Time: 2019-11-21 17:59:00 GMT (Uptime: 0d 0h 1m) smartctl 6.3 2014-07-26 r3976 [x86_64-linux-4.9.60-3500F] (local build) Copyright (C) 2002-14, Bruce Allen, Christian Franke, www.smartmontools.org /dev/sda [megaraid_disk_00] [SAT]: Device open changed type from 'megaraid,0' to 'sat+megaraid,0' === START OF READ SMART DATA SECTION === SMART Attributes Data Structure revision number: 1 Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 1 Raw_Read_Error_Rate 0x000e 130 130 039 Old_age Always - 15079102 5 Reallocated_Sector_Ct 0x0033 100 100 001 Pre-fail Always - 0 9 Power_On_Hours 0x0032 100 100 000 Old_age Always - 5 12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 24 13 Read_Soft_Error_Rate 0x001e 083 080 000 Old_age Always - 1095231739582 170 Unknown_Attribute 0x0033 100 100 010 Pre-fail Always - 0 174 Unknown_Attribute 0x0032 100 100 000 Old_age Always - 24 179 Used_Rsvd_Blk_Cnt_Tot 0x0033 100 100 010 Pre-fail Always - 0 180 Unused_Rsvd_Blk_Cnt_Tot 0x0032 100 100 000 Old_age Always - 25540 181 Program_Fail_Cnt_Total 0x003a 100 100 000 Old_age Always - 0 182 Erase_Fail_Count_Total 0x003a 100 100 000 Old_age Always - 0 184 End-to-End_Error 0x0032 100 100 000 Old_age Always - 0 194 Temperature_Celsius 0x0022 100 100 000 Old_age Always - 18 195 Hardware_ECC_Recovered 0x0032 100 100 000 Old_age Always - 0 197 Current_Pending_Sector 0x0012 100 100 000 Old_age Always - 0 198 Offline_Uncorrectable 0x0010 100 100 000 Old_age Offline - 0 199 UDMA_CRC_Error_Count 0x003e 100 100 000 Old_age Always - 0 201 Unknown_SSD_Attribute 0x0033 100 100 010 Pre-fail Always - 120275667391 202 Unknown_SSD_Attribute 0x0027 100 100 000 Pre-fail Always - 0 225 Unknown_SSD_Attribute 0x0032 100 100 000 Old_age Always - 15898 226 Unknown_SSD_Attribute 0x0032 100 100 000 Old_age Always - 0 227 Unknown_SSD_Attribute 0x0032 100 100 000 Old_age Always - 99 228 Power-off_Retract_Count 0x0032 100 100 000 Old_age Always - 77 232 Available_Reservd_Space 0x0033 100 100 010 Pre-fail Always - 0 233 Media_Wearout_Indicator 0x0032 100 100 000 Old_age Always - 15898 234 Unknown_Attribute 0x0032 100 100 000 Old_age Always - 0 241 Total_LBAs_Written 0x0032 100 100 000 Old_age Always - 15898 242 Total_LBAs_Read 0x0032 100 100 000 Old_age Always - 132126 245 Unknown_Attribute 0x0032 100 100 000 Old_age Always - 100 smartctl 6.3 2014-07-26 r3976 [x86_64-linux-4.9.60-3500F] (local build) Copyright (C) 2002-14, Bruce Allen, Christian Franke, www.smartmontools.org /dev/sda [megaraid_disk_01] [SAT]: Device open changed type from 'megaraid,1' to 'sat+megaraid,1' === START OF READ SMART DATA SECTION === SMART Attributes Data Structure revision number: 1 Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 1 Raw_Read_Error_Rate 0x000e 130 130 039 Old_age Always - 11512623 5 Reallocated_Sector_Ct 0x0033 100 100 001 Pre-fail Always - 0 9 Power_On_Hours 0x0032 100 100 000 Old_age Always - 5 12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 24 13 Read_Soft_Error_Rate 0x001e 079 077 000 Old_age Always - 2332178754351 170 Unknown_Attribute 0x0033 100 100 010 Pre-fail Always - 0 174 Unknown_Attribute 0x0032 100 100 000 Old_age Always - 24 179 Used_Rsvd_Blk_Cnt_Tot 0x0033 100 100 010 Pre-fail Always - 0 180 Unused_Rsvd_Blk_Cnt_Tot 0x0032 100 100 000 Old_age Always - 25538 181 Program_Fail_Cnt_Total 0x003a 100 100 000 Old_age Always - 0 182 Erase_Fail_Count_Total 0x003a 100 100 000 Old_age Always - 0 184 End-to-End_Error 0x0032 100 100 000 Old_age Always - 0 194 Temperature_Celsius 0x0022 100 100 000 Old_age Always - 18 195 Hardware_ECC_Recovered 0x0032 100 100 000 Old_age Always - 0 197 Current_Pending_Sector 0x0012 100 100 000 Old_age Always - 0 198 Offline_Uncorrectable 0x0010 100 100 000 Old_age Offline - 0 199 UDMA_CRC_Error_Count 0x003e 100 100 000 Old_age Always - 0 201 Unknown_SSD_Attribute 0x0033 100 100 010 Pre-fail Always - 120275601610 202 Unknown_SSD_Attribute 0x0027 100 100 000 Pre-fail Always - 0 225 Unknown_SSD_Attribute 0x0032 100 100 000 Old_age Always - 15931 226 Unknown_SSD_Attribute 0x0032 100 100 000 Old_age Always - 0 227 Unknown_SSD_Attribute 0x0032 100 100 000 Old_age Always - 100 228 Power-off_Retract_Count 0x0032 100 100 000 Old_age Always - 77 232 Available_Reservd_Space 0x0033 100 100 010 Pre-fail Always - 0 233 Media_Wearout_Indicator 0x0032 100 100 000 Old_age Always - 15931 234 Unknown_Attribute 0x0032 100 100 000 Old_age Always - 0 241 Total_LBAs_Written 0x0032 100 100 000 Old_age Always - 15931 242 Total_LBAs_Read 0x0032 100 100 000 Old_age Always - 132056 245 Unknown_Attribute 0x0032 100 100 000 Old_age Always - 100 smartctl 6.3 2014-07-26 r3976 [x86_64-linux-4.9.60-3500F] (local build) Copyright (C) 2002-14, Bruce Allen, Christian Franke, www.smartmontools.org /dev/sdb: Unknown USB bridge [0x196d:0x0201 (0x1120)] Please specify device type with the -d option. Use smartctl -h to get a usage summary
diagnose system disk-details
Syntax
diagnose system disk-details
Example
System Time: 2019-11-21 14:01:55 PST (Uptime: 1d 22h 47m)
for type for-var-physical
+device-name=sdb
| is-enc=0
| is-dma=1
| is-usb=0
| size=26843545600 (opt=0,min=512,alg=0,phy=512,log=512,grn=1048576)
+-----part-name=sdb1
| size=26835157504
| start=1048576(aligned)
| is-mounted=0
| fs-type=LVM2
diagnose system ntp-status
Use this command to print the NTP sync status.
Syntax
diagnose system ntp-status
Example
System Time: 2019-11-21 14:03:11 PST (Uptime: 1d 22h 48m)
remote refid st t when poll reach delay offset jitter
==============================================================================
*LOCAL(0) .LOCL. 10 l 20 64 377 0.000 0.000 0.000
208.91.113.70 172.16.101.30 2 u 259 1024 0 0.913 0.005 0.000
208.91.114.23 .FTNT. 1 u 6h 1024 0 1.335 0.404 0.000
diagnose system top
Use this command to display:
- Up time (run time).
- Current total processor and memory usage.
- Current free memory.
- The most resource-intensive system processes and daemons showing their memory (RAM) and processor (CPU) usage.
The first two lines of the display indicate the up time, and the processor and memory usage. Processor and memory usages on the second line have abbreviated labels shown below in bold.
Run Time: 0 days, 21 hours and 3 minutes
0U, 4S, 95I; 1035792T, 646920F
|
Letter |
Description |
|---|---|
|
U |
User CPU usage (%) |
|
S |
System CPU usage (%) |
|
I |
Idle CPU usage (%) |
|
T |
Total memory (KB) |
|
F |
Free memory (KB) |
The remaining lines contain the process list, which has the following columns:
Column 1 is the process name, such as SSHD.
Column 2 is the process ID (PID) number, such as 731.
Column 3 is the status:
- S: Sleeping (idle)
- R: Running
- Z: Zombie (crashed)
You might be able to restart a zombie process without rebooting. See execute reload.
- <: High priority
- N: Low priority
Column 4 is CPU usage (%).
Column 5 is memory usage (%).
When the command is running, you can sort the process list. The default sort order is by CPU usage.
- Shift + P: Sort by CPU usage.
- Shift + M: Sort by memory usage.
Process list output displays in your CLI window until you stop it by pressing q or Ctrl + C.
Syntax
diagnose system top <refresh_int>
|
Variable |
Description |
Default |
|---|---|---|
|
|
The interval between each refresh of the process list in seconds. For example, to refresh the process list every 5 seconds, type 5. |
|
Example
This example refreshes the display of the top 19 most system-intensive processes every five seconds. The output indicates that FortiAI is mostly idle except for some processor resources used by a connection to the web UI (admin.fe) and to the CLI.
diagnose system top 5
Run Time: 0 days, 21 hours and 3 minutes
0U, 4S, 95I; 1035792T, 646920F
admin.fe 987 S 6.0 0.0
admin.fe 979 S 1.4 0.0
cli 984 R 0.2 0.0
miglogd 755 S 0.2 0.0
dbmanager 731 S 0.0 0.0
mailfilter 767 S 0.0 0.0
httpd 972 S 0.0 0.0
smtpd 793 S 0.0 0.0
smtpd 796 S 0.0 0.0
dbdaemon 766 S 0.0 0.0
smtpd 829 S 0.0 0.0
smtpd 830 S 0.0 0.0
smtpd 831 S 0.0 0.0
smtpd 828 S 0.0 0.0
smtpproxy 780 S 0.0 0.0
spamreport 790 S 0.0 0.0
fmlmonitor 799 S 0.0 0.0
cmdbsvr 745 S 0.0 0.0
netd 756 S 0.0 0.0
diagnose system vm
Use this command to diagnose the virtual machine state.
Syntax
Diagnose system vm
Example:
System Time: 2022-04-19 01:35:33 PDT (Uptime: 0d 8h 9m)
UUID: 420c1e91dbd40952f9c6e5a4b0500acb
File: VM license file is valid.
Resources: 32 vcpus/32 allowed
Management IP: 0.0.0.0
Registered: 1 (True)
Status: 1 (Valid: Full License is in use.(Expire in 366 days 23 hours))
FDS code: 200
Warn count: 0
Copy count: 0
Received: 1720285758
Warning: 0
Recv: 202204190654
Dup:
diagnose system db
Use this command to diagnose and patch database if missing change has been detected. The process may take up to 10 mins.
Syntax
Diagnose system db