Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

system

Use the following commands for system related settings.

system admin-session

Use this command to view login session information.

Syntax

diagnose system admin-session list

diagnose system admin-session status

diagnose system admin-session kill

Variable

Description

list

List login sessions.

status

Show the current session.

kill

Kill a current session.

system disk

Use this command to view disk diagnostic information.

This command is only available on hardware-based FortiAnalyzer models.

Syntax

diagnose system disk attributes

diagnose system disk disable

diagnose system disk enable

diagnose system disk health

diagnose system disk info

diagnose system disk errors

Variable

Description

attributes

Show vendor specific SMART attributes.

disable

Disable SMART support.

enable

Enable SMART support.

health

Show the SMART health status.

info

Show the SMART information.

errors

Show the SMART error logs.

system export

Use this command to export logs.

Syntax

diagnose system export crashlog <ftp server> <user> <password> <directory> <filename>

diagnose system export fmwslog {sftp | ftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

diagnose system export raidlog <ftp server> <username> <password> <directory> <filename>

diagnose system export umlog {sftp | ftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

diagnose system export upgradelog <ftp server> <username> <password> <directory> <filename>

Variable

Description

crashlog <ftp server> <user> <password> <directory> <filename>

Export the crash log.

fmwslog {sftp | ftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

Export the FortiAnalyzer Web Service log files to an SFTP or FTP server.

The type options are: SENT, RECV, TEST.

raidlog <ftp server> <username> <password> <directory> <filename>

Export the RAID log.

This command is only available on devices that support RAID.

umlog {sftp | ftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

Export the update manager and firmware manager log files.

The type option are: fdslinkd, fctlinkd, fgdlinkd, usvr, update, service, misc, umad, and fwmlinkd.

upgradelog <ftp server> <username> <password> <directory> <filename>

Export the upgrade error log.

system flash

Use this command to diagnose the flash memory.

Syntax

diagnose system flash list

Variable

Description

list

List flash images. This command displays the following information: image name, version, total size (KB), used (KB), percent used, boot image, and running image.

system fsck

Use this command to check and repair the file system, and to reset the disk mount count.

Syntax

diagnose system fsck harddisk

diagnose system fsck reset-mount-count

Variable

Description

harddisk

Check and repair the file system, then reboot the system.

reset-mount-count

Reset the mount-count of the disk.

system geoip

Use this command to list geo IPv4 information.

Syntax

diagnose system geoip info

diagnose system geoip dump

diagnose system geoip <ipv4_address>

Variable

Description

info

Display brief geo IP information.

dump

Display all geo IP information.

<ipv4_address>

Find the IP’s country.

system ntp

Use this command to list NTP server information.

Syntax

diagnose system ntp status

Variable

Description

status

List NTP servers’ information.

system print

Use this command to print server information.

Syntax

diagnose system print certificate

diagnose system print cpuinfo

diagnose system print df

diagnose system print hosts

diagnose system print interface <interface>

diagnose system print loadavg

diagnose system print netstat

diagnose system print partitions

diagnose system print route

diagnose system print rtcache

diagnose system print slabinfo

diagnose system print sockets

diagnose system print uptime

Variable

Description

certificate

Print the IPsec certificate.

cpuinfo

Print the CPU information.

This command includes the following: processor, vendor ID, CPU family, model, model name, stepping, CPU MHz, cache size, physical ID, sibling,

df

Print the file system disk space usage.

This command displays the following information: file system, 1K-blocks, used, available, percent used, mounted on.

hosts

Print the static table lookup for host names.

interface <interface>

Print the information of the interface.

This command displays the following information: status, speed, duplex, supported ports, auto-negotiation, advertised link modes, and advertised auto-negotiation.

loadavg

Print the average load of the system.

netstat

Print the network statistics for active Internet connections (servers and established).

This command displays the following information: protocol, local address, foreign address, and state.

partitions

Print the partition information of the system.

route

Print the main route list.

This command displays the following information: destination, gateway, gateway mask, flags, metric, reference, use, and interface,

rtcache

Print the contents of the routing cache.

slabinfo

Print the slab allocator statistics.

sockets

Print the currently used socket ports.

This command displays the following information: number, protocol, and port.

uptime

Print how long the system has been running.

system process

Use this command to view and kill processes.

Syntax

diagnose system process kill -<signal> <pid>

diagnose system process killall <module>

diagnose system process list

Variable

Description

kill -<signal> <pid>

Kill a process. For example: -9 or -KILL

killall <module>

Kill all the related processes.

list

List all processes running on the FortiAnalyzer. This command displays the PID, UID, stat, and command.

system raid

Use this command to view RAID information.

This command is only available on hardware-based FortiAnalyzer models that support RAID.

Syntax

diagnose system raid alarms

diagnose system raid hwinfo

diagnose system raid status

Variable

Description

alarms

Show RAID alarm logs.

hwinfo

Show RAID controller hardware information.

status

Show RAID status. This command displays the following information: RAID level, RAID status, RAID size, and hard disk information.

system route

Use this command to diagnose routes.

Syntax

diagnose system route list

Variable

Description

list

List all routes. This command displays the following information: destination IP, gateway IP, netmask, flags, metric, reference, use, and interface.

system route6

Use this command to diagnose IPv6 routes.

Syntax

diagnose system route6 list

Variable

Description

list

List all IPv6 routes. This command displays the following information: destination IP, gateway IP, interface, metric, and priority.

system server

Use this command to start the server.

Syntax

diagnose system server start

system

Use the following commands for system related settings.

system admin-session

Use this command to view login session information.

Syntax

diagnose system admin-session list

diagnose system admin-session status

diagnose system admin-session kill

Variable

Description

list

List login sessions.

status

Show the current session.

kill

Kill a current session.

system disk

Use this command to view disk diagnostic information.

This command is only available on hardware-based FortiAnalyzer models.

Syntax

diagnose system disk attributes

diagnose system disk disable

diagnose system disk enable

diagnose system disk health

diagnose system disk info

diagnose system disk errors

Variable

Description

attributes

Show vendor specific SMART attributes.

disable

Disable SMART support.

enable

Enable SMART support.

health

Show the SMART health status.

info

Show the SMART information.

errors

Show the SMART error logs.

system export

Use this command to export logs.

Syntax

diagnose system export crashlog <ftp server> <user> <password> <directory> <filename>

diagnose system export fmwslog {sftp | ftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

diagnose system export raidlog <ftp server> <username> <password> <directory> <filename>

diagnose system export umlog {sftp | ftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

diagnose system export upgradelog <ftp server> <username> <password> <directory> <filename>

Variable

Description

crashlog <ftp server> <user> <password> <directory> <filename>

Export the crash log.

fmwslog {sftp | ftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

Export the FortiAnalyzer Web Service log files to an SFTP or FTP server.

The type options are: SENT, RECV, TEST.

raidlog <ftp server> <username> <password> <directory> <filename>

Export the RAID log.

This command is only available on devices that support RAID.

umlog {sftp | ftp} <type> <(s)ftp server> <username> <password> <directory> <filename>

Export the update manager and firmware manager log files.

The type option are: fdslinkd, fctlinkd, fgdlinkd, usvr, update, service, misc, umad, and fwmlinkd.

upgradelog <ftp server> <username> <password> <directory> <filename>

Export the upgrade error log.

system flash

Use this command to diagnose the flash memory.

Syntax

diagnose system flash list

Variable

Description

list

List flash images. This command displays the following information: image name, version, total size (KB), used (KB), percent used, boot image, and running image.

system fsck

Use this command to check and repair the file system, and to reset the disk mount count.

Syntax

diagnose system fsck harddisk

diagnose system fsck reset-mount-count

Variable

Description

harddisk

Check and repair the file system, then reboot the system.

reset-mount-count

Reset the mount-count of the disk.

system geoip

Use this command to list geo IPv4 information.

Syntax

diagnose system geoip info

diagnose system geoip dump

diagnose system geoip <ipv4_address>

Variable

Description

info

Display brief geo IP information.

dump

Display all geo IP information.

<ipv4_address>

Find the IP’s country.

system ntp

Use this command to list NTP server information.

Syntax

diagnose system ntp status

Variable

Description

status

List NTP servers’ information.

system print

Use this command to print server information.

Syntax

diagnose system print certificate

diagnose system print cpuinfo

diagnose system print df

diagnose system print hosts

diagnose system print interface <interface>

diagnose system print loadavg

diagnose system print netstat

diagnose system print partitions

diagnose system print route

diagnose system print rtcache

diagnose system print slabinfo

diagnose system print sockets

diagnose system print uptime

Variable

Description

certificate

Print the IPsec certificate.

cpuinfo

Print the CPU information.

This command includes the following: processor, vendor ID, CPU family, model, model name, stepping, CPU MHz, cache size, physical ID, sibling,

df

Print the file system disk space usage.

This command displays the following information: file system, 1K-blocks, used, available, percent used, mounted on.

hosts

Print the static table lookup for host names.

interface <interface>

Print the information of the interface.

This command displays the following information: status, speed, duplex, supported ports, auto-negotiation, advertised link modes, and advertised auto-negotiation.

loadavg

Print the average load of the system.

netstat

Print the network statistics for active Internet connections (servers and established).

This command displays the following information: protocol, local address, foreign address, and state.

partitions

Print the partition information of the system.

route

Print the main route list.

This command displays the following information: destination, gateway, gateway mask, flags, metric, reference, use, and interface,

rtcache

Print the contents of the routing cache.

slabinfo

Print the slab allocator statistics.

sockets

Print the currently used socket ports.

This command displays the following information: number, protocol, and port.

uptime

Print how long the system has been running.

system process

Use this command to view and kill processes.

Syntax

diagnose system process kill -<signal> <pid>

diagnose system process killall <module>

diagnose system process list

Variable

Description

kill -<signal> <pid>

Kill a process. For example: -9 or -KILL

killall <module>

Kill all the related processes.

list

List all processes running on the FortiAnalyzer. This command displays the PID, UID, stat, and command.

system raid

Use this command to view RAID information.

This command is only available on hardware-based FortiAnalyzer models that support RAID.

Syntax

diagnose system raid alarms

diagnose system raid hwinfo

diagnose system raid status

Variable

Description

alarms

Show RAID alarm logs.

hwinfo

Show RAID controller hardware information.

status

Show RAID status. This command displays the following information: RAID level, RAID status, RAID size, and hard disk information.

system route

Use this command to diagnose routes.

Syntax

diagnose system route list

Variable

Description

list

List all routes. This command displays the following information: destination IP, gateway IP, netmask, flags, metric, reference, use, and interface.

system route6

Use this command to diagnose IPv6 routes.

Syntax

diagnose system route6 list

Variable

Description

list

List all IPv6 routes. This command displays the following information: destination IP, gateway IP, interface, metric, and priority.

system server

Use this command to start the server.

Syntax

diagnose system server start