Fortinet black logo

CLI Reference

diagnose debug enable/disable

diagnose debug enable/disable

Use this command to turn debug log output on or off.

Debug logging can be very resource intensive. To minimize the performance impact on your system, use debugging only during periods of minimal traffic, with a local console CLI connection rather than a Telnet or SSH CLI connection. Disable debugging when you are finished.

By default, the most verbose logging that is available from the web UI for any log type is the Information severity level. Due to their usually unnecessary nature, logs at the severity level of Debug are disabled and hidden. They can only be enabled and viewed from the CLI. Typically this is done only if your configuration seems to be correct, you cannot diagnose the problem without more information, and possibly suspect that you may have found either a hardware failure or software bug.

To use debug logs, you must:

  1. Set the verbosity level for the specific module whose debugging information you want to view, via a debug log command such as:
  2. debug application hasyncd 5

  3. Enable debug logs overall. To do this, enter:
  4. diagnose debug enable

  5. View the debug logs. For convenience, debugging logs are immediately output to your local console display or terminal emulator, but debug log files can also be uploaded to a server. For more complex issues or bugs, this may be required in order to send debug information to Fortinet Technical Support.
  6. Debug logs will be generated only if the application is running. To verify the application is running, use diagnose system top .
  7. The CLI displays debug logs as they occur until you disable it by entering:

diagnose debug disable

  • Close your terminal emulator, thereby ending your administrative session.
  • Send a termination signal to the console by pressing Ctrl+C.
  • Reboot the appliance. To do this, you can use the command:

execute reboot

Syntax

diagnose debug {enable|disable}

debug {enable|disable}

Select whether to enable or disable recording of logs at the debug severity level.

diagnose debug enable/disable

Use this command to turn debug log output on or off.

Debug logging can be very resource intensive. To minimize the performance impact on your system, use debugging only during periods of minimal traffic, with a local console CLI connection rather than a Telnet or SSH CLI connection. Disable debugging when you are finished.

By default, the most verbose logging that is available from the web UI for any log type is the Information severity level. Due to their usually unnecessary nature, logs at the severity level of Debug are disabled and hidden. They can only be enabled and viewed from the CLI. Typically this is done only if your configuration seems to be correct, you cannot diagnose the problem without more information, and possibly suspect that you may have found either a hardware failure or software bug.

To use debug logs, you must:

  1. Set the verbosity level for the specific module whose debugging information you want to view, via a debug log command such as:
  2. debug application hasyncd 5

  3. Enable debug logs overall. To do this, enter:
  4. diagnose debug enable

  5. View the debug logs. For convenience, debugging logs are immediately output to your local console display or terminal emulator, but debug log files can also be uploaded to a server. For more complex issues or bugs, this may be required in order to send debug information to Fortinet Technical Support.
  6. Debug logs will be generated only if the application is running. To verify the application is running, use diagnose system top .
  7. The CLI displays debug logs as they occur until you disable it by entering:

diagnose debug disable

  • Close your terminal emulator, thereby ending your administrative session.
  • Send a termination signal to the console by pressing Ctrl+C.
  • Reboot the appliance. To do this, you can use the command:

execute reboot

Syntax

diagnose debug {enable|disable}

debug {enable|disable}

Select whether to enable or disable recording of logs at the debug severity level.