Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiWeb 7.2.7 Administration Guide
    7.2.7
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    Customizing and downloading debug logs

    Customizing and downloading debug logs

    There are several ways to collect or customize debug logs.

    1. Many debug logs are stored at /var/log/gui_upload and can be downloaded via GUI:
      1. Enable upload/download option in CLI first, then you’ll see the section GUI File Download/Upload in System > Maintenance > Backup & Restore:

        config system settings

        set enable-file-upload enable

        end

      2. Select, compress and download debug logs or core/coredump files that you need.
      3. You can also login the backend shell, move or copy logs files from other directories to /var/log/gui_upload, and download them here.
    2. One-click to archive and download most important logs (Recommended Way)

      FortiWeb GUI provides an easier way to collect such debug logs. Most logs under /var/log/debug/ and /var/log/gui_upload will be archived after you click the “Download” button on System > Maintenance > Debug > Download section.

      Before you can begin downloading the debug log, you have to enable it first via System > Config > Feature Visibility > Debug.

      Please note that some logs and core/coredump files may not be included in this archive file, so you may need to download them manually with the first method.

      As more features or debug logs are added on 7.0.1, 7.0.2, and later builds, more logs will be included in this debug log, and different types of logs are classified into sub-directories:

    3. You can run diagnose debug commands to customize logs included in the archive debug file.

      For example, you can capture the flow from the client 216.232.182.247 and activate the debug flow from it as below. Then you’ll find that the following files will be included in the downloaded debug file console_log.tar.gz:

      • sn.txt: SN & current build
      • entire configuration file
      • crash logs
      • daemon logs: the debug flow trace logs is included in this file

      • kernel logs

      • netstat logs

      • coredump logs

      • perf logs

      • top logs

      • nmon logs: regular record

      • jeprof.out.*.*.heap: need to enable jemalloc-conf and trigger jemalloc dump first

      • debug_net/disk/mem/process.txt or debug_out_d_mem/net/proc/cond.sh.txt: regular record

      • collect_xxx: captured pcap file (diagnose CLI filtered output) and other debug information

      • other logs

        FortiWeb # diagnose debug trace tcpdump filter "host 216.232.182.247 and port 443"

        FortiWeb # diagnose debug flow filter client-ip "216.232.182.247"

        FortiWeb # diagnose debug flow filter flow-detail 7

        FortiWeb # diagnose debug trace report

        FortiWeb # diagnose debug trace report start

        Then wait to collect traffic…

        FortiWeb # diagnose debug trace report stop

        Then you can click the “Download” button on System > Maintenance > Debug > Download to download the archive file:

        Note: To access this part of the web UI, your administrator’s account must have the prof_admin permission. For details, see "Permissions" in FortiWeb Administration Guide.

    Previous
    Next

    Customizing and downloading debug logs

    Customizing and downloading debug logs

    There are several ways to collect or customize debug logs.

    1. Many debug logs are stored at /var/log/gui_upload and can be downloaded via GUI:
      1. Enable upload/download option in CLI first, then you’ll see the section GUI File Download/Upload in System > Maintenance > Backup & Restore:

        config system settings

        set enable-file-upload enable

        end

      2. Select, compress and download debug logs or core/coredump files that you need.
      3. You can also login the backend shell, move or copy logs files from other directories to /var/log/gui_upload, and download them here.
    2. One-click to archive and download most important logs (Recommended Way)

      FortiWeb GUI provides an easier way to collect such debug logs. Most logs under /var/log/debug/ and /var/log/gui_upload will be archived after you click the “Download” button on System > Maintenance > Debug > Download section.

      Before you can begin downloading the debug log, you have to enable it first via System > Config > Feature Visibility > Debug.

      Please note that some logs and core/coredump files may not be included in this archive file, so you may need to download them manually with the first method.

      As more features or debug logs are added on 7.0.1, 7.0.2, and later builds, more logs will be included in this debug log, and different types of logs are classified into sub-directories:

    3. You can run diagnose debug commands to customize logs included in the archive debug file.

      For example, you can capture the flow from the client 216.232.182.247 and activate the debug flow from it as below. Then you’ll find that the following files will be included in the downloaded debug file console_log.tar.gz:

      • sn.txt: SN & current build
      • entire configuration file
      • crash logs
      • daemon logs: the debug flow trace logs is included in this file

      • kernel logs

      • netstat logs

      • coredump logs

      • perf logs

      • top logs

      • nmon logs: regular record

      • jeprof.out.*.*.heap: need to enable jemalloc-conf and trigger jemalloc dump first

      • debug_net/disk/mem/process.txt or debug_out_d_mem/net/proc/cond.sh.txt: regular record

      • collect_xxx: captured pcap file (diagnose CLI filtered output) and other debug information

      • other logs

        FortiWeb # diagnose debug trace tcpdump filter "host 216.232.182.247 and port 443"

        FortiWeb # diagnose debug flow filter client-ip "216.232.182.247"

        FortiWeb # diagnose debug flow filter flow-detail 7

        FortiWeb # diagnose debug trace report

        FortiWeb # diagnose debug trace report start

        Then wait to collect traffic…

        FortiWeb # diagnose debug trace report stop

        Then you can click the “Download” button on System > Maintenance > Debug > Download to download the archive file:

        Note: To access this part of the web UI, your administrator’s account must have the prof_admin permission. For details, see "Permissions" in FortiWeb Administration Guide.

    Previous
    Next