Fortinet white logo
Fortinet white logo

Administration Guide

Customizing&downloading debug logs

Customizing&downloading debug logs

There are several ways to collect or customize debug logs.

  1. Many debug logs are stored at /var/log/gui_upload and can be downloaded via GUI:
    1. Enable upload/download option in CLI first, then you’ll see the section GUI File Download/Upload in System > Maintenance > Backup & Restore:

      config system settings

      set enable-file-upload enable

      end

    2. Select, compress and download debug logs or core/coredump files that you need.
    3. You can also login the backend shell, move or copy logs files from other directories to /var/log/gui_upload, and download them here.
  2. One-click to archive and download most important logs (Recommended Way)

    FortiWeb GUI provides a more easier way to collect such debug logs. Most logs under /var/log/debug/ and /var/log/gui_upload will be archived after you click the “Download” button on System > Maintenance > Debug > Download section.

    Before you can begin downloading the debug log, you have to enable it first via System > Config > Feature Visibility > Debug.

    Please note that some logs and core/coredump files may not be included in this archive file, so you may need to download them manually with the 1st method.

  3. You can run diagnose debug commands to customize logs included in the archive debug file.

    For example, you can capture the flow from the client 216.232.182.247 and activate the debug flow from it as below. Then you’ll find that the following files will be included in the downloaded debug file console_log.tar.gz:

    • sn.txt: SN & current build
    • entire configuration file
    • crash logs
    • daemon logs: the debug flow trace logs is included in this file
    • kernel logs

    • netstat logs

    • coredump logs

    • perf logs

    • top logs

    • nmon logs: regular record

    • jeprof.out.*.*.heap: need to enable jemalloc-conf and trigger jemalloc dump first

    • debug_net/disk/mem/process.txt or debug_out_d_mem/net/proc/cond.sh.txt: regular record

    • collect_xxx: captured pcap file (diagnose CLI filtered output) and other debug information

    • other logs

      FortiWeb # diagnose debug trace tcpdump filter "host 216.232.182.247 and port 443"

      FortiWeb # diagnose debug flow filter client-ip "216.232.182.247"

      FortiWeb # diagnose debug flow filter flow-detail 7

      FortiWeb # diagnose debug trace report

      FortiWeb # diagnose debug trace report start

      Then wait to collect traffic…

      FortiWeb # diagnose debug trace report stop

      Then you can click the “Download” button on System > Maintenance > Debug > Download to download the archive file:

      Note: To access this part of the web UI, your administrator’s account must have the prof_admin permission. For details, see "Permissions" in FortiWeb Administration Guide.

Customizing&downloading debug logs

Customizing&downloading debug logs

There are several ways to collect or customize debug logs.

  1. Many debug logs are stored at /var/log/gui_upload and can be downloaded via GUI:
    1. Enable upload/download option in CLI first, then you’ll see the section GUI File Download/Upload in System > Maintenance > Backup & Restore:

      config system settings

      set enable-file-upload enable

      end

    2. Select, compress and download debug logs or core/coredump files that you need.
    3. You can also login the backend shell, move or copy logs files from other directories to /var/log/gui_upload, and download them here.
  2. One-click to archive and download most important logs (Recommended Way)

    FortiWeb GUI provides a more easier way to collect such debug logs. Most logs under /var/log/debug/ and /var/log/gui_upload will be archived after you click the “Download” button on System > Maintenance > Debug > Download section.

    Before you can begin downloading the debug log, you have to enable it first via System > Config > Feature Visibility > Debug.

    Please note that some logs and core/coredump files may not be included in this archive file, so you may need to download them manually with the 1st method.

  3. You can run diagnose debug commands to customize logs included in the archive debug file.

    For example, you can capture the flow from the client 216.232.182.247 and activate the debug flow from it as below. Then you’ll find that the following files will be included in the downloaded debug file console_log.tar.gz:

    • sn.txt: SN & current build
    • entire configuration file
    • crash logs
    • daemon logs: the debug flow trace logs is included in this file
    • kernel logs

    • netstat logs

    • coredump logs

    • perf logs

    • top logs

    • nmon logs: regular record

    • jeprof.out.*.*.heap: need to enable jemalloc-conf and trigger jemalloc dump first

    • debug_net/disk/mem/process.txt or debug_out_d_mem/net/proc/cond.sh.txt: regular record

    • collect_xxx: captured pcap file (diagnose CLI filtered output) and other debug information

    • other logs

      FortiWeb # diagnose debug trace tcpdump filter "host 216.232.182.247 and port 443"

      FortiWeb # diagnose debug flow filter client-ip "216.232.182.247"

      FortiWeb # diagnose debug flow filter flow-detail 7

      FortiWeb # diagnose debug trace report

      FortiWeb # diagnose debug trace report start

      Then wait to collect traffic…

      FortiWeb # diagnose debug trace report stop

      Then you can click the “Download” button on System > Maintenance > Debug > Download to download the archive file:

      Note: To access this part of the web UI, your administrator’s account must have the prof_admin permission. For details, see "Permissions" in FortiWeb Administration Guide.