Fortinet black logo

CLI Reference

debug

debug

Use this command to turn debug log output on or off.

Debug logging can be very resource intensive. To minimize the performance impact on your FortiWeb appliance, use packet capture only during periods of minimal traffic, with a local console CLI connection rather than a Telnet or SSH CLI connection, and be sure to stop the command when you are finished.

By default, the most verbose logging that is available from the web UI for any log type is the Information severity level. Due to their usually unnecessary nature, logs at the severity level of Debug are disabled and hidden. They can only be enabled and viewed from the CLI. Typically this is done only if your configuration seems to be correct, you cannot diagnose the problem without more information, and possibly suspect that you may have found either a hardware failure or software bug.

To generate debug logs, you must:

Set the verbosity level for the specific module whose debugging information you want to view, via a debug log command such as:

debug application hasync {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7}

If necessary configure any filters specific to the module whose debugging information you are viewing, such as:

debug flow filter server-ip "10.0.0.10"

If necessary start debugging specific to the module, such as:

debug flow trace start

Enable debug logs overall. To do this, enter:

debug enable

View the debug logs. For convenience, debugging logs are immediately outputted to your local console display or terminal emulator, but debug log files can also be uploaded to a server.

To do this, use the command:

debug upload

For more complex issues or bugs, this may be required in order to send debug information to Fortinet Customer Service & Support (https://support.fortinet.com).

Debug logs will be generated only if the application is running. To verify this, use system top . Otherwise, use debug crashlog instead.

The CLI will display debug logs as they occur until you either:

  • Disable it by either typing:

    diagnose debug disable

    or setting all modules’ debug log verbosity back to 0. To reset all verbosity levels simultaneously, you can use the command:

    diagnose debug reset

  • Close your terminal emulator, thereby ending your administrative session.
  • Send a termination signal to the console by pressing Ctrl+C.
  • Reboot the appliance. To do this, you can use the command:

    execute reboot

    To use this command, your administrator account’s access control profile requires only r permission in any profile area.

Syntax

diagnose debug {enable | disable}

Variable Description Default

debug {enable | disable}

Select whether to enable or disable recording of logs at the debug severity level. disable

Related topics

debug

Use this command to turn debug log output on or off.

Debug logging can be very resource intensive. To minimize the performance impact on your FortiWeb appliance, use packet capture only during periods of minimal traffic, with a local console CLI connection rather than a Telnet or SSH CLI connection, and be sure to stop the command when you are finished.

By default, the most verbose logging that is available from the web UI for any log type is the Information severity level. Due to their usually unnecessary nature, logs at the severity level of Debug are disabled and hidden. They can only be enabled and viewed from the CLI. Typically this is done only if your configuration seems to be correct, you cannot diagnose the problem without more information, and possibly suspect that you may have found either a hardware failure or software bug.

To generate debug logs, you must:

Set the verbosity level for the specific module whose debugging information you want to view, via a debug log command such as:

debug application hasync {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7}

If necessary configure any filters specific to the module whose debugging information you are viewing, such as:

debug flow filter server-ip "10.0.0.10"

If necessary start debugging specific to the module, such as:

debug flow trace start

Enable debug logs overall. To do this, enter:

debug enable

View the debug logs. For convenience, debugging logs are immediately outputted to your local console display or terminal emulator, but debug log files can also be uploaded to a server.

To do this, use the command:

debug upload

For more complex issues or bugs, this may be required in order to send debug information to Fortinet Customer Service & Support (https://support.fortinet.com).

Debug logs will be generated only if the application is running. To verify this, use system top . Otherwise, use debug crashlog instead.

The CLI will display debug logs as they occur until you either:

  • Disable it by either typing:

    diagnose debug disable

    or setting all modules’ debug log verbosity back to 0. To reset all verbosity levels simultaneously, you can use the command:

    diagnose debug reset

  • Close your terminal emulator, thereby ending your administrative session.
  • Send a termination signal to the console by pressing Ctrl+C.
  • Reboot the appliance. To do this, you can use the command:

    execute reboot

    To use this command, your administrator account’s access control profile requires only r permission in any profile area.

Syntax

diagnose debug {enable | disable}

Variable Description Default

debug {enable | disable}

Select whether to enable or disable recording of logs at the debug severity level. disable

Related topics