Fortianalyzer diagnose and debug cheat sheet

General Health

Command Description

get sys status

Get general information: firmware version, serial number, ADOMs enabled or not, time and time zone, general license status (Valid or not).

get sys performance

Detailed performance statistics: CPU load, memory usage, hard disk/flash disk used space and input/output (iostat) statistics.

exe top

Display real time list of running processes with their CPU load.

diag log device

Shows how much space is used by each device logging to the Fortianalyzer, including quotas.

exe iotop -b -n 1

Display and update every 1 second READ/WRITE statistics for all the processes.

diagnose system print cpuinfo

Display hardware CPU information - vendor, number of CPUs etc.

diagnose hardware info

Even more hardware-related info.

diagnose system print df

Show disk partitions and space used. Analog of the Linux df.

exe lvm info

Shows disks status and size

diagnose system print loadavg

Show average system load, analog to the Linux uptime command.

diagnose system print netstat

Show established connections to the Fortianalyzer, as well as listening ports. Every logging device can (and usually does) have multiple connections established.

diagnose system print route

Show routing table of the Fortianalyzer.

Communication debug

Command Description

diagnose test application oftpd 3

List all devices sending logs to the Fortianalyzer with their IP addresses, serial numbers, uptime meaning connection establishment uptime, not remote device uptime, and packets received (should be growing).

diagnose debug application oftpd 8 <Device name>

diagnose debug enable

Real time debug of communicating with the Device name device.

diagnose sniffer packet any "host IP of remote device"

Sniff packets from/to remote device, to make sure they are sending each other packets. The communication is encrypted.

diagnose sniffer packet any "port 514"

Sniff all packets to/from port 514 used by Fortianalyzer to receive logs from remote devices.

Logs from devices

Command Description

diagnose test application oftpd 50

Show log types received and stored for each device.

diag log device

Shows how much space is used by each device logging to the Fortianalyzer, including quotas.

diagnose fortilogd lograte

Show in one line last 5/30/60 seconds rate of receiving logs.

diagnose fortilogd lograte-adom all

Show as table log receiving rates for all ADOMs aggregated per device type (i.e. rate for all Fortigates will be as one data per ADOM).

diagnose fortilogd lograte-device

Show average logs receive rate per device for the last hour, day, and week.

diagnose fortilogd lograte-total

Show summary log receive rate for all devices on this Fortianalyzer.


Command Description

diagnose dvm device list

Look for the line There are currently N devices/vdoms count for license.

diagnose debug vminfo

Show report on Virtual Machine license: whether valid or not, type, licensed storage volume, licensed log receive rate, licensed maximum device count.

Follow me on not to miss what I publish on Linkedin, Github, blog, and more.