Fortinet white logo
Fortinet white logo

CLI Reference

test

test

Use the following commands to test the FortiAnalyzer.

test application

Use this command to test application daemons. Enter an unassigned integer value to see the available options for each command.

Syntax

diagnose test application apiproxyd <integer> <integer> ... <integer>

diagnose test application clusterd <integer> <integer> ... <integer>

diagnose test application execmd <integer> <integer> ... <integer>

diagnose test application fazcfgd <integer> <integer> ... <integer>

diagnose test application fazmaild <integer> <integer> ... <integer>

diagnose test application faznotify <integer> <integer> ... <integer>

diagnose test application fazsvcd <integer> <integer> ... <integer>

diagnose test application fazwatchd <integer> <integer> ... <integer>

diagnose test application filefwd <integer> <integer> ... <integer>

diagnose test application fortilogd <integer> <integer> ... <integer>

diagnose test application logfiled <integer> <integer> ... <integer>

diagnose test application logfwd <integer> <integer> ... <integer>

diagnose test application log-fetchd <integer> <integer> ... <integer>

diagnose test application miglogd <integer> <integer> ... <integer>

diagnose test application oftpd <integer> <integer> ... <integer>

diagnose test application rptchkd <integer> <integer> ... <integer>

diagnose test application snmpd <integer> <integer> ... <integer>

diagnose test application sqllogd <integer> <integer> ... <integer>

diagnose test application sqlrptcached <integer> <integer> ... <integer>

diagnose test application syncsched <integer> <integer> ... <integer>

diagnose test application uploadd <integer> <integer> ... <integer>

Variable

Description

apiproxyd <integer> ...

API proxy daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 20: fsa tracer log request
  • 21: fsa tracer log request
  • 99: restart daemon

clusterd <integer> ...

Clusterd daemon test usage:

  • 0: Usage
  • 1: Thread pool status
  • 2: Log Cluster core
  • 3: Devices cache module
  • 4: Logging Topology module
  • 5: Avatar uploading module
  • 6: Meta-CSF uploading module
  • 7: Meta-InterfaceRole module
  • 8: Tunnel module
  • 9: oftpd file fwd module
  • 10: Service module
  • 97: HA module
  • 98: Monitor status
  • 99: Restart clusterd
  • 100: Restart clusterd and clusterd-monitor

execmd <integer> ...

Execmd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 99: restart daemon

fazcfgd <integer> ...

Fazcfg daemon test usage:

  • 1: show PID
  • 2: show statistics
  • 40: DVM cache diag info

  • 41: CSF diag info

  • 42: IntfRole diag info

  • 48: test update link prefixes file

  • 49: test update webfilter categories description file

  • 50: test get app icon
  • 51: test update app logo files
  • 52: dvm call stats
  • 53: dvm call stats clear
  • 54: check ips/app meta-data update
  • 55: log disk readahead get
  • 56: log disk readahead toggle
  • 57: fix redis service
  • 58: check redis service
  • 60: test fortigate restful api

  • 82: list avatar meta-data

  • 83: rebuild avatar meta-data table

  • 84: rebuild ips meta-data table
  • 85: rebuild app meta-data table
  • 86: rebuild FortiClient Vulneribility meta-data table
  • 88: update ffdb meta-data

  • 90: use built-in TIDB package and disable updating it

  • 91: enable updating TIDB package

  • 92: disable updating TIDB package

  • 99: restart daemon

fazmaild <integer> ...

Fazmaild daemon test usage:

  • 1: show PID and daemon status
  • 2: show runtime status
  • 90: pause sending mail
  • 91: resume sending mail
  • 99: restart fazmaild daemon

faznotify <integer> ...

Faznotify daemon test usage:

  • 0: usage information
  • 1: show faznotify pid
  • 2: show faznotify statistics [clear]
  • 10: send a faznotify <adom> <id> <send-data>
  • 20: show active channel
  • 29: delete active channel <adom> <id>
  • 30: pause active channel <seconds>
  • 99: restart

fazsvcd <integer> ...

Fazsvcd daemon test usage:

  • 1: show PID
  • 2: show daemon stats and status
  • 3: list async search threads
  • 4: dump async search slot info
  • 5: show cache builder stats
  • 6: dump cache builder playlist
  • 7: dump log search filters
  • 10: show database log stats aggregated per day
  • 11: show received log stats aggregated per day
  • 50: enable or disable cache builder
  • 51: enable or disable auto custom index
  • 52: enable or disable skip-index usage
  • 60: rawlog idx cache test
  • 61: logbrowse cache stats
  • 70: show stats for device vdom cache
  • 71: show stats for remote fortiview and reports
  • 75: data masking test: <passwd> <plaint test> <1|0 (high secure)> [do_unmasking]
  • 99: restart daemon

fazwatchd <integer> ...

Fazwatchd daemon test usage:

  • 1: show summary
  • 99: restart daemon

filefwd <integer> ...

Filefwd daemon test usage:

  • 1: show daemon PID
  • 2: show daemon stats
  • 3: show threads stats
  • 99: restart daemon

fortilogd <integer> ...

Fortilogd Diag test usage:

  • 0: usage information
  • 1: show fortilogd PID
  • 2: dump message status
  • 3: logstat status
  • 4: client devices status
  • 5: print log received
  • 6: switch on/off debug messages
  • 7: log forwarding prep status
  • 8: show logUID info
  • 9: device log cache reloading status
  • 10: dz_client cache status
  • 11: file stats
  • 12: stop/restart receiving logs

  • 99: restart fortilogd

logfiled <integer> ...

Logfile daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 4: show ADOM statistics
  • 5: show device statistics
  • 6: show auto-del statistics
  • 7: show log file disk usage
  • 8: update log file disk usage
  • 90: reset statistics and state
  • 91: force to preen content files info
  • 99: restart daemon

logfwd <integer> ...

Logfwd daemon test usage:

  • 0: Usage
  • 1: Dump log-forward configurations
  • 2: Dump thread-pool status
  • 3: Dump log-forwarding status
  • 98: Reset log-forwarding stats
  • 99: Restart logfwd

log-fetchd <integer> ...

Log-fetch daemon test usage:

  • 1: show PID
  • 2: show states
  • 3: show running sessions
  • 99: restart the daemon

miglogd <integer> ...

Miglogd daemon test usage:

  • 1: show PID
  • 2: dump memory pool
  • 99: restart daemon

oftpd <integer> ...

Oftpd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show connected device name and IP
  • 4: show detailed session state
  • 5: show oftp request statistics
  • 6: show cmdb device cache
  • 7: show logfwd thread stats
  • 8: show tasklist statistics
  • 9: show unreg dev cache
  • 10: log cluster bridge stats
  • 12: show HA group cache
  • 13: show file fwd stats
  • 22: dump oftp-restapi-sched status
  • 30: dump csf groups data in all adoms in json string
  • 32: reschedule all restapi task for designated devid
  • 50: display logtypes for all devid
  • 90: reload un-reg device tree
  • 91: delete designated csf group
  • 92: reload reg dev cache
  • 99: restart daemon

rptchkd <integer> ...

Sqlrptcache daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: list adoms
  • 5: re-check an adom
  • 99: restart daemon

snmpd <integer> ...

SNMP daemon test usage:

  • 1: display daemon pid
  • 2: display snmp statistics
  • 3: clear snmp statistics
  • 4: generate test trap (cpu high)
  • 5: generate test traps (log alert, rate, data rate)
  • 6: generate test traps (licensed gb/day, device quota)
  • 99: restart daemon

sqllogd <integer> ...

SqlLog daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show worker init state
  • 4: show worker thread info
  • 5: show log device scan info, optionally filter by <devid>
  • 7: show ADOM device list by <adom-name>
  • 8: show logUID info
  • 9: show ADOM scan sync info, optionally filter by <adom>
  • 10: show FortiClient dev to sql-ID (sID) map
  • 11: show devtable cache info
  • 12: show intfrole cache info
  • 41: show worker 1 info
  • 51: show worker 1 registered log devices
  • 61: show worker 1 open log file cache
  • 70: show sql database building progress
  • 71: show the progress of upgrading log files into per-vdom storage
  • 72: run the upgrading log files into per-vdom storage
  • 80: show daemon status flags
  • 81: show debug zone devices status
  • 82: show all adoms with member devices or filer by <adom-name>
  • 83: show all registered logdevs
  • 84: show all unreg logdevs
  • 95: request to rebuild SQL database for local event logs
  • 96: resend all pending batch files to sqlplugind
  • 97: rebuilding warm restart
  • 98: set worker assignment to policy 'round-robin' or 'adom-affinity', daemon will restart on policy change.
  • 99: restart daemon
  • 200: diag for log based alert (event mgmt) ..
  • 201: diag for utmref cache ..
  • 202: diag for fgt-fct corelation ..
  • 203: diag for logstat ..
  • 204: diag for IoC ..
  • 205: diag for endpoint and enduser ..
  • 206: diag for ueba ..
  • 207: diag for FSA scan session ..
  • 208: diag for audit report event process ..
  • 221: estimated browsing time stats
  • 222: fsa devmap cache info
  • 224: fgt lograte cache info
  • 225: dump enum field error cache
  • 226: reset enum field error cache

sqlrptcached <integer> ...

Sqlrptcache daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 99: restart daemon

syncsched <integer> ...

syncsched daemon test usage:

  • 1: show daemon PID
  • 2: show report nodes states
  • 3: show report syncing state
  • 4: show ha sync peers
  • 10: sync reports with peer
  • 11: fsync stat
  • 12: fsync reload
  • 99: restart daemon

uploadd <integer> ...

Uploadd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show uploadd queues content
  • 5: show upload server state
  • 50: clear log queue [mirror server1]
  • 51: clear log queue [mirror server2]
  • 52: clear log queue [mirror server3]
  • 53: clear log queue [backup]
  • 54: clear log queue [original request]
  • 55: clear log queues [all]
  • 56: clear report queue
  • 99: restart daemon

test connection

Test the connection to the mail server and syslog server.

Syntax

diagnose test connection fortianalyzer <ip>

diagnose test connection mailserver <server-name> <mail-from> <mail-to>

diagnose test connection syslogserver <server-name>

Variable

Description

fortianalyzer <ip>

Test the connection to the FortiAnalyzer.

mailserver <server-name> <mail-from> <mail-to>

Test the connection to the mail server.

syslogserver <server-name>

Test the connection to the syslog server.

test policy-check

Check policy consistency.

Syntax

diagnose test policy-check flush

diagnose test policy-check list

Variable

Description

flush

Flush all policy check sessions.

list

List all policy check sessions.

test search

Test the search daemon.

Syntax

diagnose test search flush

diagnose test search list

Variable

Description

flush

Flush all search sessions.

list

List all search sessions.

test sftp

Use this command to test the secure file transfer protocol (SFTP) scheduled backup.

Syntax

diagnose test sftp auth <sftp server> <username> <password> <directory>

Variable

Description

<sftp server>

SFTP server IP address.

<username>

SFTP server username.

<password>

SFTP server password.

<directory>

The directory on the SFTP server where you want to put the file (default = /).

test

test

Use the following commands to test the FortiAnalyzer.

test application

Use this command to test application daemons. Enter an unassigned integer value to see the available options for each command.

Syntax

diagnose test application apiproxyd <integer> <integer> ... <integer>

diagnose test application clusterd <integer> <integer> ... <integer>

diagnose test application execmd <integer> <integer> ... <integer>

diagnose test application fazcfgd <integer> <integer> ... <integer>

diagnose test application fazmaild <integer> <integer> ... <integer>

diagnose test application faznotify <integer> <integer> ... <integer>

diagnose test application fazsvcd <integer> <integer> ... <integer>

diagnose test application fazwatchd <integer> <integer> ... <integer>

diagnose test application filefwd <integer> <integer> ... <integer>

diagnose test application fortilogd <integer> <integer> ... <integer>

diagnose test application logfiled <integer> <integer> ... <integer>

diagnose test application logfwd <integer> <integer> ... <integer>

diagnose test application log-fetchd <integer> <integer> ... <integer>

diagnose test application miglogd <integer> <integer> ... <integer>

diagnose test application oftpd <integer> <integer> ... <integer>

diagnose test application rptchkd <integer> <integer> ... <integer>

diagnose test application snmpd <integer> <integer> ... <integer>

diagnose test application sqllogd <integer> <integer> ... <integer>

diagnose test application sqlrptcached <integer> <integer> ... <integer>

diagnose test application syncsched <integer> <integer> ... <integer>

diagnose test application uploadd <integer> <integer> ... <integer>

Variable

Description

apiproxyd <integer> ...

API proxy daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 20: fsa tracer log request
  • 21: fsa tracer log request
  • 99: restart daemon

clusterd <integer> ...

Clusterd daemon test usage:

  • 0: Usage
  • 1: Thread pool status
  • 2: Log Cluster core
  • 3: Devices cache module
  • 4: Logging Topology module
  • 5: Avatar uploading module
  • 6: Meta-CSF uploading module
  • 7: Meta-InterfaceRole module
  • 8: Tunnel module
  • 9: oftpd file fwd module
  • 10: Service module
  • 97: HA module
  • 98: Monitor status
  • 99: Restart clusterd
  • 100: Restart clusterd and clusterd-monitor

execmd <integer> ...

Execmd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 99: restart daemon

fazcfgd <integer> ...

Fazcfg daemon test usage:

  • 1: show PID
  • 2: show statistics
  • 40: DVM cache diag info

  • 41: CSF diag info

  • 42: IntfRole diag info

  • 48: test update link prefixes file

  • 49: test update webfilter categories description file

  • 50: test get app icon
  • 51: test update app logo files
  • 52: dvm call stats
  • 53: dvm call stats clear
  • 54: check ips/app meta-data update
  • 55: log disk readahead get
  • 56: log disk readahead toggle
  • 57: fix redis service
  • 58: check redis service
  • 60: test fortigate restful api

  • 82: list avatar meta-data

  • 83: rebuild avatar meta-data table

  • 84: rebuild ips meta-data table
  • 85: rebuild app meta-data table
  • 86: rebuild FortiClient Vulneribility meta-data table
  • 88: update ffdb meta-data

  • 90: use built-in TIDB package and disable updating it

  • 91: enable updating TIDB package

  • 92: disable updating TIDB package

  • 99: restart daemon

fazmaild <integer> ...

Fazmaild daemon test usage:

  • 1: show PID and daemon status
  • 2: show runtime status
  • 90: pause sending mail
  • 91: resume sending mail
  • 99: restart fazmaild daemon

faznotify <integer> ...

Faznotify daemon test usage:

  • 0: usage information
  • 1: show faznotify pid
  • 2: show faznotify statistics [clear]
  • 10: send a faznotify <adom> <id> <send-data>
  • 20: show active channel
  • 29: delete active channel <adom> <id>
  • 30: pause active channel <seconds>
  • 99: restart

fazsvcd <integer> ...

Fazsvcd daemon test usage:

  • 1: show PID
  • 2: show daemon stats and status
  • 3: list async search threads
  • 4: dump async search slot info
  • 5: show cache builder stats
  • 6: dump cache builder playlist
  • 7: dump log search filters
  • 10: show database log stats aggregated per day
  • 11: show received log stats aggregated per day
  • 50: enable or disable cache builder
  • 51: enable or disable auto custom index
  • 52: enable or disable skip-index usage
  • 60: rawlog idx cache test
  • 61: logbrowse cache stats
  • 70: show stats for device vdom cache
  • 71: show stats for remote fortiview and reports
  • 75: data masking test: <passwd> <plaint test> <1|0 (high secure)> [do_unmasking]
  • 99: restart daemon

fazwatchd <integer> ...

Fazwatchd daemon test usage:

  • 1: show summary
  • 99: restart daemon

filefwd <integer> ...

Filefwd daemon test usage:

  • 1: show daemon PID
  • 2: show daemon stats
  • 3: show threads stats
  • 99: restart daemon

fortilogd <integer> ...

Fortilogd Diag test usage:

  • 0: usage information
  • 1: show fortilogd PID
  • 2: dump message status
  • 3: logstat status
  • 4: client devices status
  • 5: print log received
  • 6: switch on/off debug messages
  • 7: log forwarding prep status
  • 8: show logUID info
  • 9: device log cache reloading status
  • 10: dz_client cache status
  • 11: file stats
  • 12: stop/restart receiving logs

  • 99: restart fortilogd

logfiled <integer> ...

Logfile daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 4: show ADOM statistics
  • 5: show device statistics
  • 6: show auto-del statistics
  • 7: show log file disk usage
  • 8: update log file disk usage
  • 90: reset statistics and state
  • 91: force to preen content files info
  • 99: restart daemon

logfwd <integer> ...

Logfwd daemon test usage:

  • 0: Usage
  • 1: Dump log-forward configurations
  • 2: Dump thread-pool status
  • 3: Dump log-forwarding status
  • 98: Reset log-forwarding stats
  • 99: Restart logfwd

log-fetchd <integer> ...

Log-fetch daemon test usage:

  • 1: show PID
  • 2: show states
  • 3: show running sessions
  • 99: restart the daemon

miglogd <integer> ...

Miglogd daemon test usage:

  • 1: show PID
  • 2: dump memory pool
  • 99: restart daemon

oftpd <integer> ...

Oftpd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show connected device name and IP
  • 4: show detailed session state
  • 5: show oftp request statistics
  • 6: show cmdb device cache
  • 7: show logfwd thread stats
  • 8: show tasklist statistics
  • 9: show unreg dev cache
  • 10: log cluster bridge stats
  • 12: show HA group cache
  • 13: show file fwd stats
  • 22: dump oftp-restapi-sched status
  • 30: dump csf groups data in all adoms in json string
  • 32: reschedule all restapi task for designated devid
  • 50: display logtypes for all devid
  • 90: reload un-reg device tree
  • 91: delete designated csf group
  • 92: reload reg dev cache
  • 99: restart daemon

rptchkd <integer> ...

Sqlrptcache daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: list adoms
  • 5: re-check an adom
  • 99: restart daemon

snmpd <integer> ...

SNMP daemon test usage:

  • 1: display daemon pid
  • 2: display snmp statistics
  • 3: clear snmp statistics
  • 4: generate test trap (cpu high)
  • 5: generate test traps (log alert, rate, data rate)
  • 6: generate test traps (licensed gb/day, device quota)
  • 99: restart daemon

sqllogd <integer> ...

SqlLog daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show worker init state
  • 4: show worker thread info
  • 5: show log device scan info, optionally filter by <devid>
  • 7: show ADOM device list by <adom-name>
  • 8: show logUID info
  • 9: show ADOM scan sync info, optionally filter by <adom>
  • 10: show FortiClient dev to sql-ID (sID) map
  • 11: show devtable cache info
  • 12: show intfrole cache info
  • 41: show worker 1 info
  • 51: show worker 1 registered log devices
  • 61: show worker 1 open log file cache
  • 70: show sql database building progress
  • 71: show the progress of upgrading log files into per-vdom storage
  • 72: run the upgrading log files into per-vdom storage
  • 80: show daemon status flags
  • 81: show debug zone devices status
  • 82: show all adoms with member devices or filer by <adom-name>
  • 83: show all registered logdevs
  • 84: show all unreg logdevs
  • 95: request to rebuild SQL database for local event logs
  • 96: resend all pending batch files to sqlplugind
  • 97: rebuilding warm restart
  • 98: set worker assignment to policy 'round-robin' or 'adom-affinity', daemon will restart on policy change.
  • 99: restart daemon
  • 200: diag for log based alert (event mgmt) ..
  • 201: diag for utmref cache ..
  • 202: diag for fgt-fct corelation ..
  • 203: diag for logstat ..
  • 204: diag for IoC ..
  • 205: diag for endpoint and enduser ..
  • 206: diag for ueba ..
  • 207: diag for FSA scan session ..
  • 208: diag for audit report event process ..
  • 221: estimated browsing time stats
  • 222: fsa devmap cache info
  • 224: fgt lograte cache info
  • 225: dump enum field error cache
  • 226: reset enum field error cache

sqlrptcached <integer> ...

Sqlrptcache daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 99: restart daemon

syncsched <integer> ...

syncsched daemon test usage:

  • 1: show daemon PID
  • 2: show report nodes states
  • 3: show report syncing state
  • 4: show ha sync peers
  • 10: sync reports with peer
  • 11: fsync stat
  • 12: fsync reload
  • 99: restart daemon

uploadd <integer> ...

Uploadd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show uploadd queues content
  • 5: show upload server state
  • 50: clear log queue [mirror server1]
  • 51: clear log queue [mirror server2]
  • 52: clear log queue [mirror server3]
  • 53: clear log queue [backup]
  • 54: clear log queue [original request]
  • 55: clear log queues [all]
  • 56: clear report queue
  • 99: restart daemon

test connection

Test the connection to the mail server and syslog server.

Syntax

diagnose test connection fortianalyzer <ip>

diagnose test connection mailserver <server-name> <mail-from> <mail-to>

diagnose test connection syslogserver <server-name>

Variable

Description

fortianalyzer <ip>

Test the connection to the FortiAnalyzer.

mailserver <server-name> <mail-from> <mail-to>

Test the connection to the mail server.

syslogserver <server-name>

Test the connection to the syslog server.

test policy-check

Check policy consistency.

Syntax

diagnose test policy-check flush

diagnose test policy-check list

Variable

Description

flush

Flush all policy check sessions.

list

List all policy check sessions.

test search

Test the search daemon.

Syntax

diagnose test search flush

diagnose test search list

Variable

Description

flush

Flush all search sessions.

list

List all search sessions.

test sftp

Use this command to test the secure file transfer protocol (SFTP) scheduled backup.

Syntax

diagnose test sftp auth <sftp server> <username> <password> <directory>

Variable

Description

<sftp server>

SFTP server IP address.

<username>

SFTP server username.

<password>

SFTP server password.

<directory>

The directory on the SFTP server where you want to put the file (default = /).