Difference between revisions of "Monitoring"
From Tech-Wiki
(20 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Category:Fortinet]] | [[Category:Fortinet]] | ||
+ | |||
+ | Viewing logs from command line | ||
+ | exec log filter category 0 (0:traffic 1:event 3:webfilter) | ||
+ | exec log filter device 2 (0:memory 1:faz (fortianalyzer) 2:fds (disk)) | ||
+ | exec log filter field dstport 443 (or dstip 10.1.1.1) | ||
+ | exec log filter view-lines 200 | ||
+ | exec log display | ||
Get system information: | Get system information: | ||
− | + | get sys status | |
− | + | get sys performance status | |
− | + | get hardware status | |
diag hardware deviceinfo disk | diag hardware deviceinfo disk | ||
+ | diag sys session stat | ||
Get CPU information and killing (restarting) process: | Get CPU information and killing (restarting) process: | ||
− | diag sys top | + | diag sys performance top |
− | diag sys top-summary | + | diag sys perf top-summary |
− | diag sys kill | + | diag sys kill <signal> <pid> |
+ | 9 unconditional kill | ||
+ | 11 segmentation fault kill* | ||
+ | 15 graceful kill | ||
+ | |||
+ | Killing process by name | ||
+ | fnsysctl killall reportd | ||
Get memory information and conserve mode: | Get memory information and conserve mode: | ||
+ | diag hardware sysinfo conserve | ||
diag hardware sysinfo mem | diag hardware sysinfo mem | ||
diag hardware sysinfo shm | diag hardware sysinfo shm | ||
Line 21: | Line 36: | ||
diag firewall iprope state | diag firewall iprope state | ||
Av_break=pass/pass – kernel conserve mode | Av_break=pass/pass – kernel conserve mode | ||
+ | |||
+ | Troubleshoot VPN, Authentication and Updates | ||
+ | diag debug application <daemon> <level> | ||
+ | diag debug enable | ||
+ | Daemons that support debug: sslvpn ike authd update | ||
+ | level: | ||
+ | 0 disabled | ||
+ | -1 shows all info | ||
+ | other values: depends on daemon | ||
Get network information and statistics: | Get network information and statistics: | ||
show sys interface | show sys interface | ||
diag hardware deviceinfo nic <port> | diag hardware deviceinfo nic <port> | ||
+ | diag netlink interface list name <port> | ||
+ | fnsysctl ifconfig <port> | ||
− | Get disk logging | + | Get disk logging usage: |
diag sys logdisk usage | diag sys logdisk usage | ||
+ | |||
+ | Display WebFilter statistics: | ||
+ | diag webfilter fortiguard statistics list | ||
Display IPs blocked by Anomalies: | Display IPs blocked by Anomalies: | ||
diag ips anomaly list | diag ips anomaly list | ||
+ | |||
+ | You can test blocked pages using [https://fortiguard.com/webfilter/categories this site]. |
Latest revision as of 19:15, 2 December 2020
Viewing logs from command line
exec log filter category 0 (0:traffic 1:event 3:webfilter) exec log filter device 2 (0:memory 1:faz (fortianalyzer) 2:fds (disk)) exec log filter field dstport 443 (or dstip 10.1.1.1) exec log filter view-lines 200 exec log display
Get system information:
get sys status get sys performance status get hardware status diag hardware deviceinfo disk diag sys session stat
Get CPU information and killing (restarting) process:
diag sys performance top diag sys perf top-summary diag sys kill <signal> <pid> 9 unconditional kill 11 segmentation fault kill* 15 graceful kill
Killing process by name
fnsysctl killall reportd
Get memory information and conserve mode:
diag hardware sysinfo conserve diag hardware sysinfo mem diag hardware sysinfo shm 0 – no conserve mode 1 – proxy 2 – system 3 - both diag firewall iprope state Av_break=pass/pass – kernel conserve mode
Troubleshoot VPN, Authentication and Updates
diag debug application <daemon> <level> diag debug enable Daemons that support debug: sslvpn ike authd update level: 0 disabled -1 shows all info other values: depends on daemon
Get network information and statistics:
show sys interface diag hardware deviceinfo nic <port> diag netlink interface list name <port> fnsysctl ifconfig <port>
Get disk logging usage:
diag sys logdisk usage
Display WebFilter statistics:
diag webfilter fortiguard statistics list
Display IPs blocked by Anomalies:
diag ips anomaly list
You can test blocked pages using this site.