FortiAnalyzer diagnose and debug cheat sheet
This cheat sheet as PDF: FortiAnalyzer diagnose and debug cheat sheet
General Health
Command | Description |
---|---|
get sys status | General information: firmware version, serial number, whether ADOMs are enabled, time and time zone, and overall license status (valid or not). |
get sys performance | Detailed performance statistics: CPU load, memory usage, hard disk/flash disk space used and input/output statistics. |
exe top | Real-time list of running processes with their CPU load. |
diag log device | Space used by each device logging to the FortiAnalyzer, including quotas. |
exe iotop -b -n 1 | Per-process disk READ/WRITE statistics. With -b (batch mode) and -n 1 this prints a single snapshot and exits; raise -n to get more iterations. |
diagnose system print cpuinfo | CPU hardware information: vendor, number of CPUs, etc. |
diagnose hardware info | Further hardware-related information. |
diagnose system print df | Disk partitions and space used; analog of the Linux df command. |
exe lvm info | Disk status and size. |
diagnose system print loadavg | Average system load; analog of the Linux load average. |
diagnose system print netstat | Established connections to the FortiAnalyzer as well as listening ports. Every logging device can (and usually does) have several connections established at once. |
diagnose system print route | Routing table of the FortiAnalyzer. |
Communication debug
Command | Description |
---|---|
diagnose test application oftpd 3 | List all devices sending logs to the FortiAnalyzer with their IP addresses, serial numbers, uptime (how long the connection has been established, not the remote device's uptime) and packets received. The packet counter should keep growing on a healthy connection. |
diagnose debug application oftpd 8 <Device name> followed by diagnose debug enable | Real-time debug of the communication with the named device. Run diagnose debug disable when you are done so the debug output does not keep running. |
diagnose sniffer packet any "host <IP of remote device>" | Sniff packets to/from the remote device to confirm both sides are actually exchanging packets. The log traffic is encrypted, so this verifies packet flow, not log content. Filters use tcpdump syntax and can be combined, e.g. "host <IP> and port 514". |
diagnose sniffer packet any "port 514" | Sniff all packets to/from port 514, the port on which the FortiAnalyzer receives logs from remote devices. |
Logs from devices
Command | Description |
---|---|
diagnose test application oftpd 50 | Log types received and stored for each device. |
diag log device | Space used by each device logging to the FortiAnalyzer, including quotas. |
diagnose fortilogd lograte | One-line summary of the log receive rate over the last 5, 30 and 60 seconds. |
diagnose fortilogd lograte-adom all | Table of log receive rates for all ADOMs, aggregated per device type (e.g. all FortiGates in an ADOM are reported as a single figure). |
diagnose fortilogd lograte-device | Average log receive rate per device for the last hour, day and week. |
diagnose fortilogd lograte-total | Total log receive rate for all devices on this FortiAnalyzer. |
Licensing
Command | Description |
---|---|
diagnose dvm device list | Look for the line "There are currently N devices/vdoms count for license." |
diagnose debug vminfo | Report on the virtual machine license: whether it is valid, its type, licensed storage volume, licensed log receive rate and licensed maximum device count. |

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ so as not to miss what I publish on LinkedIn, GitHub, the blog, and more.