Fortinet black logo

CLI Reference

test

test

Use the following commands to test the FortiManager.

test application

Use this command to test applications. Multiple variables can be entered for each command.

Syntax

diagnose test application apiproxyd <integer> <integer> ... <integer>

diagnose test application clusterd <integer> <integer> ... <integer>

diagnose test application execmd <integer> <integer> ... <integer>

diagnose test application fazcfgd <integer> <integer> ... <integer>

diagnose test application fazmaild <integer> <integer> ... <integer>

diagnose test application faznotify <integer> <integer> ... <integer>

diagnose test application fazsvcd <integer> <integer> ... <integer>

diagnose test application fazwatchd <integer> <integer> ... <integer>

diagnose test application filefwd <integer> <integer> ... <integer>

diagnose test application fileparsed <integer> <integer> ... <integer>

diagnose test application fortilogd <integer> <integer> ... <integer>

diagnose test application logfiled <integer> <integer> ... <integer>

diagnose test application logfwd <integer> <integer> ... <integer>

diagnose test application log-fetchd <integer> <integer> ... <integer>

diagnose test application miglogd <integer> <integer> ... <integer>

diagnose test application oftpd <integer> <integer> ... <integer>

diagnose test application rptchkd <integer> <integer> ... <integer>

diagnose test application scansched <integer> <integer> ... <integer>

diagnose test application siemagentd <integer> <integer> ... <integer>

diagnose test application siemdbd <integer> <integer> ... <integer>

diagnose test application snmpd <integer> <integer> ... <integer>

diagnose test application sqllogd <integer> <integer> ... <integer>

diagnose test application sqlplugind <integer> <integer> ... <integer>

diagnose test application sqlreportd <integer> <integer> ... <integer>

diagnose test application sqlrptcached <integer> <integer> ... <integer>

diagnose test application syncsched <integer> <integer> ... <integer>

diagnose test application uploadd <integer> <integer> ... <integer>

Variable

Description

apiproxyd <integer> ...

API proxy daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 20: fsa tracer log request
  • 21: fsa tracer log request
  • 99: restart daemon

clusterd <integer> ...

Clusterd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: Thread pool status
  • 3: Log Cluster core
  • 4: Devices cache module
  • 5: Logging Topology module
  • 6: Avatar uploading module
  • 7: Meta-CSF uploading module
  • 8: Meta-InterfaceRole module
  • 9: Tunnel module
  • 10: oftpd file fwd module
  • 11: Service module
  • 97: HA module
  • 98: Monitor status
  • 99: Restart clusterd
  • 100: Restart clusterd and clusterd-monitor
  • 102: Various tests...

execmd <integer> ...

Execmd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show statistics of cmd tool
  • 5: reset statistics of cmd tool
  • 99: restart daemon

fazcfgd <integer> ...

Fazcfg daemon test usage:

  • 1: show PID
  • 2: show statistics
  • 3: show merged ca info
  • 40: DVM cache diag info

  • 41: CSF diag info

  • 42: ncmdb diag info

  • 43: reload csf info in devtable

  • 44: show log device group stats

  • 45: check log device group

  • 48: test update link prefixes file

  • 49: test update webfilter categories description file

  • 50: test get app icon
  • 51: test update app logo files
  • 52: dvm call stats
  • 53: dvm call stats clear
  • 55: log disk readahead get
  • 56: log disk readahead toggle
  • 57: fix redis service
  • 58: check redis service
  • 59: test update faz license
  • 60: test fortigate restful api

  • 65: log aggregation server stats

  • 66: log aggregation server state toggle (debug only)

  • 82: list avatar meta-data

  • 83: rebuild avatar meta-data table

  • 84: rebuild ips meta-data table
  • 85: rebuild app meta-data table
  • 86: rebuild FortiClient Vulneribility meta-data table
  • 88: update ffdb meta-data

  • 90: use built-in TIDB package and disable updating it

  • 91: enable updating TIDB package

  • 92: disable updating TIDB package

  • 93: switch on/off adom default report schedule

  • 94: switch on/off report schedule by name

  • 97: set 'force_restore_data' flag for clickhouse start

  • 99: restart daemon

This test is only functional when FortiAnalyzer features are enabled

fazmaild <integer> ...

Fazmaild daemon test usage:

  • 1: show PID and daemon status
  • 2: show runtime status
  • 90: pause sending mail
  • 91: resume sending mail
  • 99: restart fazmaild daemon

This test is only functional when FortiAnalyzer features are enabled

faznotify <integer> ...

Faznotify daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show faznotify statistics [clear]
  • 10: send a faznotify <adom> <id> <send-data>
  • 20: show active channel
  • 29: delete active channel <adom> <id>
  • 30: pause active channel <seconds>
  • 99: restart

This test is only functional when FortiAnalyzer features are enabled

fazsvcd <integer> ...

Fazsvcd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats and status
  • 3: list async search threads
  • 4: dump async search slot info
  • 5: show cache builder stats
  • 6: dump cache builder playlist
  • 7: dump log search filters
  • 10: show database log stats aggregated per day
  • 11: show received log stats aggregated per day
  • 50: enable or disable cache builder
  • 51: enable or disable auto custom index
  • 60: rawlog idx cache test
  • 61: logbrowse cache stats
  • 70: show stats for device vdom cache
  • 71: show stats for remote fortiview and reports
  • 75: data masking test: <passwd> <plaint test> <1|0 (high secure)> [do_unmasking]
  • 99: restart daemon
  • 200: gui api test
  • 201: diag for jsonrpc ..

This test is only functional when FortiAnalyzer features are enabled

fazwatchd <integer> ...

Fazwatchd daemon test usage:

  • 1: show process summary and report stats
  • 2: show playbook stats
  • 4: show nac asset stats
  • 5: show playbook task log
  • 6: show ha command execution stats
  • 9: show pgsvr.log monitor stats
  • 99: restart daemon

This test is only functional when FortiAnalyzer features are enabled

filefwd <integer> ...

Filefwd daemon test usage:

  • 1: show daemon PID
  • 2: show daemon stats
  • 3: show threads stats
  • 99: restart daemon

fileparsed <integer> ...

Fileparsed daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show devtable local cache status
  • 4: reload devtable local cache.
  • 11: show FortiGate interface cache status
  • 12: show FortiGate interface parsers status
  • 13: show FortiGate interface archived files disk usage
  • 14: show FortiGate interface archived files retention days
  • 15: show FortiGate interface info
  • 16: show total number of interface trimmed from database
  • 98: rebuild FortiGate interface SQL tables
  • 99: restart daemon

fortilogd <integer> ...

Fortilogd Diag test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: dump message status
  • 3: logstat status
  • 4: client devices status
  • 5: print log received
  • 6: switch on/off debug messages
  • 7: log forwarding prep status
  • 8: show logUID info
  • 9: device log cache reloading status
  • 10: dz_client cache status
  • 11: file stats
  • 12: stop/restart receiving logs

  • 14: show cached adom lograte status

  • 15: show cached adom log volume status

  • 16: show appevent logs receiving info

  • 17: show logging rate of the system and per-device

  • 90: show or set fortilogd working status

  • 95: show runtime logs. option format: pid=0:current,-1:all,PID duration=DURA filter=STR

  • 98: memory check

  • 99: restart fortilogd

logfiled <integer> ...

Logfile daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 4: show ADOM statistics
  • 5: show device statistics
  • 6: show auto-del statistics
  • 7: show log file disk usage
  • 8: update log file disk usage
  • 9: show inode usage
  • 10: enable or disable debug filter of device and vdom
  • 11: du cache diag commands
  • 12: force to check the oldest log litime when trim log files.
  • 90: reset statistics and state
  • 91: force to preen content files info
  • 99: restart daemon

logfwd <integer> ...

Logfwd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: Dump thread-pool status
  • 3: Dump log-forward configurations
  • 4: Dump log-forwarding status
  • 5: Overall and converter stats
  • 6: Dump HA CID info
  • 7: show runtime logs. option format: pid=0:current,-1:all,PID duration=DURA filter=STR
  • 8: show cfile list status [all: for all cfiles]
  • 9: show max duration of loss in memory mode, 120 seconds default, 0 to disable memory mode
  • 10: Force logfwd to run in disk mode [1:enable, 0:disable]
  • 97: memory check
  • 98: Reset log-forwarding stats
  • 99: Restart logfwd

log-fetchd <integer> ...

Log-fetch daemon test usage:

  • 1: show PID
  • 2: show states
  • 3: show running sessions
  • 99: restart the daemon

miglogd <integer> ...

Miglogd daemon test usage:

  • 1: show PID
  • 2: dump memory pool
  • 99: restart daemon

oftpd <integer> ...

Oftpd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: show connected device name and IP
  • 4: show detailed session state
  • 5: show oftp request statistics
  • 6: show cmdb device cache
  • 7: show logfwd thread stats
  • 8: show tasklist statistics
  • 9: show unreg dev cache
  • 10: log cluster bridge stats
  • 11: show helper threads stats
  • 12: show HA group cache
  • 13: show file fwd stats
  • 14: show fct software inventory cache
  • 15: show fgt interface stats
  • 16: show fos-auto device dump. [dev] to dump device list
  • 17: show device logging rate & rate-limit. [enable] to force tracking log-rate or [disable] to track only rate-limited devices. [config] to show config
  • 21: dump oftp-restapi-sched stats
  • 22: dump oftp-restapi-sched status
  • 30: dump csf groups data in all adoms in json string
  • 31: show csf groups update stats
  • 32: reschedule all restapi task for designated devid
  • 40: test loading a CA cert from local path
  • 42: device logging disable [show] |add|del|reload
  • 50: display logtypes for all devid
  • 60: display login requests stats
  • 90: reload un-reg device tree
  • 91: delete designated csf group
  • 92: reload reg dev cache
  • 95: debug output
  • 99: restart daemon

rptchkd <integer> ...

Sqlrptcache daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: list adoms
  • 6: list schedules
  • 99: restart daemon
  • 910: enable rptchkd
  • 911: disable rptchkd

scansched <integer> ...

Scansched daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 11: show ioc-rescan task status
  • 99: restart daemon

siemagentd <integer> ...

Siemagentd daemon test usage:

  • 1: show PID

  • 2: show daemon statistics

  • 3: show daemon worker statistics

  • 4: show daemon worker status stats

  • 5: show supported device-log types

  • 11: worker process run

  • 12: worker process suspend

  • 13: worker process exit

  • 14: worker process reload config

  • 20: show the siem stream storage info

  • 21: show the latest siem stream submitted in redis

  • 98: restart daemon controller

  • 99: restart daemon

  • 201~209: send diag cmd to worker

siemdbd <integer> ...

Siemdbd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)

  • 2: show statistics and state

  • 4: show writers info

  • 5: show splitter info

  • 6: show Adom database info

  • 7: show trimmer info

  • 8: add or drop skip indices on SIEM table

  • 9: set/reset max memory usage ratio

  • 41: show writer 1 info

  • 42: show writer 2 info

  • 43: show writer 3 info

  • 99: restart daemon

snmpd <integer> ...

SNMP daemon test usage:

  • 1: display daemon pid
  • 2: display snmp statistics
  • 3: clear snmp statistics
  • 4: generate test trap (cpu high)
  • 5: generate test traps (log alert, rate, data rate)
  • 6: generate test traps (licensed gb/day, device quota)
  • 99: restart daemon

sqllogd <integer> ...

SqlLog daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: show worker init state
  • 4: show worker thread info
  • 5: show log device scan info, optionally filter by <devid>
  • 7: show ADOM device list by <adom-name>
  • 8: show logUID info
  • 9: show ADOM scan sync info, optionally filter by <adom>
  • 10: show FortiClient dev to sql-ID (sID) map
  • 11: show devtable cache info
  • 12: show intfrole cache info
  • 41: show worker 1 info
  • 51: show worker 1 registered log devices
  • 61: show worker 1 open log file cache
  • 70: show sql database building progress
  • 71: show the progress of upgrading log files into per-vdom storage
  • 72: run the upgrading log files into per-vdom storage
  • 80: show daemon status flags
  • 81: show debug zone devices status
  • 82: show all adoms with member devices or filer by <adom-name>
  • 83: show all registered logdevs
  • 84: show all unreg logdevs
  • 85: show fazid map stats
  • 91: diag worker devvd loadbalance
  • 95: request to rebuild SQL database for local event logs
  • 96: resend all pending batch files to sqlplugind
  • 97: rebuilding warm restart
  • 98: set worker assignment to policy 'round-robin' or 'adom-affinity', daemon will restart on policy change.
  • 99: restart daemon
  • 200: diag for log based alert (event mgmt) ..
  • 201: diag for utmref cache ..
  • 202: diag for fgt-fct corelation ..
  • 203: diag for logstat ..
  • 204: diag for IoC ..
  • 205: diag for endpoint and enduser ..
  • 206: diag for ueba ..
  • 207: diag for FSA scan session ..
  • 208: diag for audit report event process ..
  • 221: estimated browsing time stats
  • 222: fsa devmap cache info
  • 224: fgt lograte cache info
  • 225: dump enum field error cache
  • 226: reset enum field error cache
  • 227: dump tz field error cache
  • 228: reset tz field error cache

sqlplugind <integer> ...

Sqlplugind daemon test usage:

  • Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats
  • 3: show SIEM table stats
  • 4: show table compressor stats
  • 5: show table compressor Adom stats
  • 91: scan hcache query templates and clean up unused
  • 98: scan and clean zombie cstore files
  • 99: restart daemon

sqlreportd <integer> ...

Sqlreportd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats

sqlrptcached <integer> ...

Sqlrptcache daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: reset statistics and state
  • 5: dump auto-cache charts
  • 99: restart daemon

syncsched <integer> ...

Syncsched daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show report nodes states
  • 3: show report syncing state
  • 4: show ha sync peers
  • 5: reset ha sync queue
  • 6: show ha elog sync
  • 10: sync reports with peer
  • 11: fsync stat
  • 12: fsync reload
  • 13: trim sync dir stat
  • 99: restart daemon

uploadd <integer> ...

Uploadd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show uploadd queues content
  • 5: show upload server state
  • 50: clear log queue [mirror server1]
  • 51: clear log queue [mirror server2]
  • 52: clear log queue [mirror server3]
  • 53: clear log queue [backup]
  • 54: clear log queue [original request]
  • 55: clear log queues [all]
  • 56: clear report queue
  • 60: cloud storage get backlog info
  • 61: cloud storage get setting pending info <setting name>
  • 62: cloud storage get connector <connector> <remote path>
  • 63: cloud storage get usage info
  • 99: restart daemon

test connection

Use this command to test connections.

Syntax

diagnose test connection fortianalyzer <ip>

diagnose test connection mailserver <server-name> <mail-from> <mail-to>

diagnose test connection syslogserver <server-name>

Variable

Description

fortianalyzer <ip>

Test the connection to the FortiAnalyzer.

mailserver <server-name> <mail-from> <mail-to>

Test the connection to the mail server.

syslogserver <server-name>

Test the connection to the syslog server.

test deploymanager

Use this command to test the deployment manager.

Syntax

diagnose test deploymanager getcheckin <devid>

diagnose test deploymanager reloadconf <devid>

Variable

Description

getcheckin <devid>

Get configuration check-in information from the FortiGate.

reloadconf <devid>

Reload configuration from the FortiGate.

test policy-check

Use this command to list or flush policy consistency checks.

Syntax

diagnose test policy-check flush

diagnose test policy-check list

Variable

Description

flush

Flush all policy check sessions.

list

List all policy check sessions.

test search

Use this command to test the search daemon.

Syntax

diagnose test search flush

diagnose test search list

Variable

Description

flush

Flush all search sessions.

list

List all search sessions.

test sftp

Use this command to test the secure file transfer protocol (SFTP) scheduled backup.

Syntax

diagnose test sftp auth <sftp server> <username> <password> <directory>

Variable

Description

<sftp server>

SFTP server IP address.

<username>

SFTP server username.

<password>

SFTP server password.

<directory>

The directory on the SFTP server where you want to put the file (default = /).

test

Use the following commands to test the FortiManager.

test application

Use this command to test applications. Multiple variables can be entered for each command.

Syntax

diagnose test application apiproxyd <integer> <integer> ... <integer>

diagnose test application clusterd <integer> <integer> ... <integer>

diagnose test application execmd <integer> <integer> ... <integer>

diagnose test application fazcfgd <integer> <integer> ... <integer>

diagnose test application fazmaild <integer> <integer> ... <integer>

diagnose test application faznotify <integer> <integer> ... <integer>

diagnose test application fazsvcd <integer> <integer> ... <integer>

diagnose test application fazwatchd <integer> <integer> ... <integer>

diagnose test application filefwd <integer> <integer> ... <integer>

diagnose test application fileparsed <integer> <integer> ... <integer>

diagnose test application fortilogd <integer> <integer> ... <integer>

diagnose test application logfiled <integer> <integer> ... <integer>

diagnose test application logfwd <integer> <integer> ... <integer>

diagnose test application log-fetchd <integer> <integer> ... <integer>

diagnose test application miglogd <integer> <integer> ... <integer>

diagnose test application oftpd <integer> <integer> ... <integer>

diagnose test application rptchkd <integer> <integer> ... <integer>

diagnose test application scansched <integer> <integer> ... <integer>

diagnose test application siemagentd <integer> <integer> ... <integer>

diagnose test application siemdbd <integer> <integer> ... <integer>

diagnose test application snmpd <integer> <integer> ... <integer>

diagnose test application sqllogd <integer> <integer> ... <integer>

diagnose test application sqlplugind <integer> <integer> ... <integer>

diagnose test application sqlreportd <integer> <integer> ... <integer>

diagnose test application sqlrptcached <integer> <integer> ... <integer>

diagnose test application syncsched <integer> <integer> ... <integer>

diagnose test application uploadd <integer> <integer> ... <integer>

Variable

Description

apiproxyd <integer> ...

API proxy daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 20: fsa tracer log request
  • 21: fsa tracer log request
  • 99: restart daemon

clusterd <integer> ...

Clusterd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: Thread pool status
  • 3: Log Cluster core
  • 4: Devices cache module
  • 5: Logging Topology module
  • 6: Avatar uploading module
  • 7: Meta-CSF uploading module
  • 8: Meta-InterfaceRole module
  • 9: Tunnel module
  • 10: oftpd file fwd module
  • 11: Service module
  • 97: HA module
  • 98: Monitor status
  • 99: Restart clusterd
  • 100: Restart clusterd and clusterd-monitor
  • 102: Various tests...

execmd <integer> ...

Execmd daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show statistics of cmd tool
  • 5: reset statistics of cmd tool
  • 99: restart daemon

fazcfgd <integer> ...

Fazcfg daemon test usage:

  • 1: show PID
  • 2: show statistics
  • 3: show merged ca info
  • 40: DVM cache diag info

  • 41: CSF diag info

  • 42: ncmdb diag info

  • 43: reload csf info in devtable

  • 44: show log device group stats

  • 45: check log device group

  • 48: test update link prefixes file

  • 49: test update webfilter categories description file

  • 50: test get app icon
  • 51: test update app logo files
  • 52: dvm call stats
  • 53: dvm call stats clear
  • 55: log disk readahead get
  • 56: log disk readahead toggle
  • 57: fix redis service
  • 58: check redis service
  • 59: test update faz license
  • 60: test fortigate restful api

  • 65: log aggregation server stats

  • 66: log aggregation server state toggle (debug only)

  • 82: list avatar meta-data

  • 83: rebuild avatar meta-data table

  • 84: rebuild ips meta-data table
  • 85: rebuild app meta-data table
  • 86: rebuild FortiClient Vulneribility meta-data table
  • 88: update ffdb meta-data

  • 90: use built-in TIDB package and disable updating it

  • 91: enable updating TIDB package

  • 92: disable updating TIDB package

  • 93: switch on/off adom default report schedule

  • 94: switch on/off report schedule by name

  • 97: set 'force_restore_data' flag for clickhouse start

  • 99: restart daemon

This test is only functional when FortiAnalyzer features are enabled

fazmaild <integer> ...

Fazmaild daemon test usage:

  • 1: show PID and daemon status
  • 2: show runtime status
  • 90: pause sending mail
  • 91: resume sending mail
  • 99: restart fazmaild daemon

This test is only functional when FortiAnalyzer features are enabled

faznotify <integer> ...

Faznotify daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show faznotify statistics [clear]
  • 10: send a faznotify <adom> <id> <send-data>
  • 20: show active channel
  • 29: delete active channel <adom> <id>
  • 30: pause active channel <seconds>
  • 99: restart

This test is only functional when FortiAnalyzer features are enabled

fazsvcd <integer> ...

Fazsvcd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats and status
  • 3: list async search threads
  • 4: dump async search slot info
  • 5: show cache builder stats
  • 6: dump cache builder playlist
  • 7: dump log search filters
  • 10: show database log stats aggregated per day
  • 11: show received log stats aggregated per day
  • 50: enable or disable cache builder
  • 51: enable or disable auto custom index
  • 60: rawlog idx cache test
  • 61: logbrowse cache stats
  • 70: show stats for device vdom cache
  • 71: show stats for remote fortiview and reports
  • 75: data masking test: <passwd> <plaint test> <1|0 (high secure)> [do_unmasking]
  • 99: restart daemon
  • 200: gui api test
  • 201: diag for jsonrpc ..

This test is only functional when FortiAnalyzer features are enabled

fazwatchd <integer> ...

Fazwatchd daemon test usage:

  • 1: show process summary and report stats
  • 2: show playbook stats
  • 4: show nac asset stats
  • 5: show playbook task log
  • 6: show ha command execution stats
  • 9: show pgsvr.log monitor stats
  • 99: restart daemon

This test is only functional when FortiAnalyzer features are enabled

filefwd <integer> ...

Filefwd daemon test usage:

  • 1: show daemon PID
  • 2: show daemon stats
  • 3: show threads stats
  • 99: restart daemon

fileparsed <integer> ...

Fileparsed daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: show devtable local cache status
  • 4: reload devtable local cache.
  • 11: show FortiGate interface cache status
  • 12: show FortiGate interface parsers status
  • 13: show FortiGate interface archived files disk usage
  • 14: show FortiGate interface archived files retention days
  • 15: show FortiGate interface info
  • 16: show total number of interface trimmed from database
  • 98: rebuild FortiGate interface SQL tables
  • 99: restart daemon

fortilogd <integer> ...

Fortilogd Diag test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: dump message status
  • 3: logstat status
  • 4: client devices status
  • 5: print log received
  • 6: switch on/off debug messages
  • 7: log forwarding prep status
  • 8: show logUID info
  • 9: device log cache reloading status
  • 10: dz_client cache status
  • 11: file stats
  • 12: stop/restart receiving logs

  • 14: show cached adom lograte status

  • 15: show cached adom log volume status

  • 16: show appevent logs receiving info

  • 17: show logging rate of the system and per-device

  • 90: show or set fortilogd working status

  • 95: show runtime logs. option format: pid=0:current,-1:all,PID duration=DURA filter=STR

  • 98: memory check

  • 99: restart fortilogd

logfiled <integer> ...

Logfile daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 4: show ADOM statistics
  • 5: show device statistics
  • 6: show auto-del statistics
  • 7: show log file disk usage
  • 8: update log file disk usage
  • 9: show inode usage
  • 10: enable or disable debug filter of device and vdom
  • 11: du cache diag commands
  • 12: force to check the oldest log litime when trim log files.
  • 90: reset statistics and state
  • 91: force to preen content files info
  • 99: restart daemon

logfwd <integer> ...

Logfwd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: Dump thread-pool status
  • 3: Dump log-forward configurations
  • 4: Dump log-forwarding status
  • 5: Overall and converter stats
  • 6: Dump HA CID info
  • 7: show runtime logs. option format: pid=0:current,-1:all,PID duration=DURA filter=STR
  • 8: show cfile list status [all: for all cfiles]
  • 9: show max duration of loss in memory mode, 120 seconds default, 0 to disable memory mode
  • 10: Force logfwd to run in disk mode [1:enable, 0:disable]
  • 97: memory check
  • 98: Reset log-forwarding stats
  • 99: Restart logfwd

log-fetchd <integer> ...

Log-fetch daemon test usage:

  • 1: show PID
  • 2: show states
  • 3: show running sessions
  • 99: restart the daemon

miglogd <integer> ...

Miglogd daemon test usage:

  • 1: show PID
  • 2: dump memory pool
  • 99: restart daemon

oftpd <integer> ...

Oftpd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: show connected device name and IP
  • 4: show detailed session state
  • 5: show oftp request statistics
  • 6: show cmdb device cache
  • 7: show logfwd thread stats
  • 8: show tasklist statistics
  • 9: show unreg dev cache
  • 10: log cluster bridge stats
  • 11: show helper threads stats
  • 12: show HA group cache
  • 13: show file fwd stats
  • 14: show fct software inventory cache
  • 15: show fgt interface stats
  • 16: show fos-auto device dump. [dev] to dump device list
  • 17: show device logging rate & rate-limit. [enable] to force tracking log-rate or [disable] to track only rate-limited devices. [config] to show config
  • 21: dump oftp-restapi-sched stats
  • 22: dump oftp-restapi-sched status
  • 30: dump csf groups data in all adoms in json string
  • 31: show csf groups update stats
  • 32: reschedule all restapi task for designated devid
  • 40: test loading a CA cert from local path
  • 42: device logging disable [show] |add|del|reload
  • 50: display logtypes for all devid
  • 60: display login requests stats
  • 90: reload un-reg device tree
  • 91: delete designated csf group
  • 92: reload reg dev cache
  • 95: debug output
  • 99: restart daemon

rptchkd <integer> ...

Sqlrptcache daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: list adoms
  • 6: list schedules
  • 99: restart daemon
  • 910: enable rptchkd
  • 911: disable rptchkd

scansched <integer> ...

Scansched daemon test usage:

  • 1: show PID
  • 2: show statistics and state
  • 3: reset statistics and state
  • 11: show ioc-rescan task status
  • 99: restart daemon

siemagentd <integer> ...

Siemagentd daemon test usage:

  • 1: show PID

  • 2: show daemon statistics

  • 3: show daemon worker statistics

  • 4: show daemon worker status stats

  • 5: show supported device-log types

  • 11: worker process run

  • 12: worker process suspend

  • 13: worker process exit

  • 14: worker process reload config

  • 20: show the siem stream storage info

  • 21: show the latest siem stream submitted in redis

  • 98: restart daemon controller

  • 99: restart daemon

  • 201~209: send diag cmd to worker

siemdbd <integer> ...

Siemdbd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)

  • 2: show statistics and state

  • 4: show writers info

  • 5: show splitter info

  • 6: show Adom database info

  • 7: show trimmer info

  • 8: add or drop skip indices on SIEM table

  • 9: set/reset max memory usage ratio

  • 41: show writer 1 info

  • 42: show writer 2 info

  • 43: show writer 3 info

  • 99: restart daemon

snmpd <integer> ...

SNMP daemon test usage:

  • 1: display daemon pid
  • 2: display snmp statistics
  • 3: clear snmp statistics
  • 4: generate test trap (cpu high)
  • 5: generate test traps (log alert, rate, data rate)
  • 6: generate test traps (licensed gb/day, device quota)
  • 99: restart daemon

sqllogd <integer> ...

SqlLog daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: show worker init state
  • 4: show worker thread info
  • 5: show log device scan info, optionally filter by <devid>
  • 7: show ADOM device list by <adom-name>
  • 8: show logUID info
  • 9: show ADOM scan sync info, optionally filter by <adom>
  • 10: show FortiClient dev to sql-ID (sID) map
  • 11: show devtable cache info
  • 12: show intfrole cache info
  • 41: show worker 1 info
  • 51: show worker 1 registered log devices
  • 61: show worker 1 open log file cache
  • 70: show sql database building progress
  • 71: show the progress of upgrading log files into per-vdom storage
  • 72: run the upgrading log files into per-vdom storage
  • 80: show daemon status flags
  • 81: show debug zone devices status
  • 82: show all adoms with member devices or filer by <adom-name>
  • 83: show all registered logdevs
  • 84: show all unreg logdevs
  • 85: show fazid map stats
  • 91: diag worker devvd loadbalance
  • 95: request to rebuild SQL database for local event logs
  • 96: resend all pending batch files to sqlplugind
  • 97: rebuilding warm restart
  • 98: set worker assignment to policy 'round-robin' or 'adom-affinity', daemon will restart on policy change.
  • 99: restart daemon
  • 200: diag for log based alert (event mgmt) ..
  • 201: diag for utmref cache ..
  • 202: diag for fgt-fct corelation ..
  • 203: diag for logstat ..
  • 204: diag for IoC ..
  • 205: diag for endpoint and enduser ..
  • 206: diag for ueba ..
  • 207: diag for FSA scan session ..
  • 208: diag for audit report event process ..
  • 221: estimated browsing time stats
  • 222: fsa devmap cache info
  • 224: fgt lograte cache info
  • 225: dump enum field error cache
  • 226: reset enum field error cache
  • 227: dump tz field error cache
  • 228: reset tz field error cache

sqlplugind <integer> ...

Sqlplugind daemon test usage:

  • Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats
  • 3: show SIEM table stats
  • 4: show table compressor stats
  • 5: show table compressor Adom stats
  • 91: scan hcache query templates and clean up unused
  • 98: scan and clean zombie cstore files
  • 99: restart daemon

sqlreportd <integer> ...

Sqlreportd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show daemon stats

sqlrptcached <integer> ...

Sqlrptcache daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: reset statistics and state
  • 5: dump auto-cache charts
  • 99: restart daemon

syncsched <integer> ...

Syncsched daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show report nodes states
  • 3: show report syncing state
  • 4: show ha sync peers
  • 5: reset ha sync queue
  • 6: show ha elog sync
  • 10: sync reports with peer
  • 11: fsync stat
  • 12: fsync reload
  • 13: trim sync dir stat
  • 99: restart daemon

uploadd <integer> ...

Uploadd daemon test usage:

  • 1: Daemon info (PID, meminfo, backtrace ...)
  • 2: show statistics and state
  • 3: reset statistics and state
  • 4: show uploadd queues content
  • 5: show upload server state
  • 50: clear log queue [mirror server1]
  • 51: clear log queue [mirror server2]
  • 52: clear log queue [mirror server3]
  • 53: clear log queue [backup]
  • 54: clear log queue [original request]
  • 55: clear log queues [all]
  • 56: clear report queue
  • 60: cloud storage get backlog info
  • 61: cloud storage get setting pending info <setting name>
  • 62: cloud storage get connector <connector> <remote path>
  • 63: cloud storage get usage info
  • 99: restart daemon

test connection

Use this command to test connections.

Syntax

diagnose test connection fortianalyzer <ip>

diagnose test connection mailserver <server-name> <mail-from> <mail-to>

diagnose test connection syslogserver <server-name>

Variable

Description

fortianalyzer <ip>

Test the connection to the FortiAnalyzer.

mailserver <server-name> <mail-from> <mail-to>

Test the connection to the mail server.

syslogserver <server-name>

Test the connection to the syslog server.

test deploymanager

Use this command to test the deployment manager.

Syntax

diagnose test deploymanager getcheckin <devid>

diagnose test deploymanager reloadconf <devid>

Variable

Description

getcheckin <devid>

Get configuration check-in information from the FortiGate.

reloadconf <devid>

Reload configuration from the FortiGate.

test policy-check

Use this command to list or flush policy consistency checks.

Syntax

diagnose test policy-check flush

diagnose test policy-check list

Variable

Description

flush

Flush all policy check sessions.

list

List all policy check sessions.

test search

Use this command to test the search daemon.

Syntax

diagnose test search flush

diagnose test search list

Variable

Description

flush

Flush all search sessions.

list

List all search sessions.

test sftp

Use this command to test the secure file transfer protocol (SFTP) scheduled backup.

Syntax

diagnose test sftp auth <sftp server> <username> <password> <directory>

Variable

Description

<sftp server>

SFTP server IP address.

<username>

SFTP server username.

<password>

SFTP server password.

<directory>

The directory on the SFTP server where you want to put the file (default = /).