Fortinet black logo

Log Message Reference

10000023

Copy Link
Copy Doc ID a10d0919-b701-11ec-9fd1-fa163e15d75b:17448
Download PDF

10000023

Meaning

One of the following events:

  • A FortiWeb configuration backup to an FTP/SFTP server either succeeded or failed.
  • The scheduled configuration backup daemon started. Normally, this occurs at boot time.
  • An administrator downloaded a log file.
  • An administrator downloaded a backup of the system configuration file, fweb_system.conf.
  • An administrator downloaded an X.509 CSR.

Solution

There could be several reasons why the backup failed.

Check the IP address and login credentials that you have defined for FortiWeb’s FTP/SFTP connection.

Verify that the directory you specified to receive backups exists, and has write permissions for that user name.

Make sure that the FTP/SFTP server’s disk is not full, that it has enough disk space to receive the backup, and that that user name has not consumed its disk space quota, if any.

Verify that FortiWeb’s system time is accurate.

Make sure that the backup is not scheduled during a network or server maintenance window, when the server or daemon are down.

Test that a reliable route exists between FortiWeb and the FTP/SFTP server by using execute ping and execute traceroute commands in the CLI.

Keep in mind that if the network or the server was down for maintenance at the time of the backup attempt, the backup would have failed during that time, even if connectivity works for you now.

If you have firewalls or routers performing NAT between FortiWeb and the server, verify that FTP connections are allowed between them. Firewalls include host-based ones that may be on the server itself, such as Windows Firewall or ipfw.

Keep in mind that the FTP protocol typically requires port 21, but that its mechanism style could be active or passive FTP, and that the protocol has both a command channel and a data transfer channel. If either of these channels fail, the backup will fail. SFTP typically requires port 22.

Field name Description

ID

(log_id)

10000023

See Log ID numbers.

Sub Type

(subtype)

system

See Subtypes.

User

(user)

system

User Interface

(ui)

sys

Action

(action)

backup
start

Message

(msg)

backup backup_<FTP-backup_name>_<timestamp_str> to <server_ipv4> <folder_str> {FAIL | OK}

Examples

date=2013-10-08 time=09:42:19 log_id=10000023 msg_id=000000000038 device_id=FVVM00UNLICENSED vd="root" timezone="(GMT-5:00)Eastern Time(US & Canada )" type=event subtype="system)" pri=notification trigger_policy="" user=system ui=sys action=backup status=failed msg="ftp backup backup_scheduled_backup_20131008094215 to ftp.example.com / FAILED"

date=2013-10-08 time=10:59:14 log_id=10000023 msg_id=000000146032 type=event subtype="system" pri=information device_id=FVVM020000003619 vd="root" timezone="(GMT-5:00)Eastern Time(US & Canada)" user=system action=backup msg="backup backup_backup-to-ftp-server_20121113105913 to 172.20.120.225 Downloads/fortiweb/backups/ OK"

date=2013-10-05 time=19:26:12 log_id=10000023 msg_id=000000001038 device_id=FVVM040000010871 vd="root" timezone="(GMT-5:00)Eastern Time(US & Canada)" type=event subtype="system" pri=information trigger_policy="" user=system ui=sys action=start status=success msg="Backup daemon started"

date=2014-04-10 time=18:14:52 log_id=10000023 msg_id=000000195894 device_id=FV-1KD3A13800012 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" type=event subtype="system" pri=critical trigger_policy="" user=admin ui=GUI action=backup status=success msg="User admin backed up the Logging file from GUI(172.22.6.240)"

date=2014-04-10 time=18:17:06 log_id=10000023 msg_id=000000195895 device_id=FV-1KD3A13800012 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" type=event subtype="system" pri=critical trigger_policy="" user=admin ui=GUI action=backup status=success msg="User admin backed up the System config file from GUI(172.22.6.240)"

date=2014-04-10 time=18:18:05 log_id=10000023 msg_id=000000195897 device_id=FV-1KD3A13800012 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" type=event subtype="system" pri=critical trigger_policy="" user=admin ui=GUI action=backup status=success msg="User admin backed up the Local Cert(CSR) file from GUI(172.22.6.240)"

Related

10000023

Meaning

One of the following events:

  • A FortiWeb configuration backup to an FTP/SFTP server either succeeded or failed.
  • The scheduled configuration backup daemon started. Normally, this occurs at boot time.
  • An administrator downloaded a log file.
  • An administrator downloaded a backup of the system configuration file, fweb_system.conf.
  • An administrator downloaded an X.509 CSR.

Solution

There could be several reasons why the backup failed.

Check the IP address and login credentials that you have defined for FortiWeb’s FTP/SFTP connection.

Verify that the directory you specified to receive backups exists, and has write permissions for that user name.

Make sure that the FTP/SFTP server’s disk is not full, that it has enough disk space to receive the backup, and that that user name has not consumed its disk space quota, if any.

Verify that FortiWeb’s system time is accurate.

Make sure that the backup is not scheduled during a network or server maintenance window, when the server or daemon are down.

Test that a reliable route exists between FortiWeb and the FTP/SFTP server by using execute ping and execute traceroute commands in the CLI.

Keep in mind that if the network or the server was down for maintenance at the time of the backup attempt, the backup would have failed during that time, even if connectivity works for you now.

If you have firewalls or routers performing NAT between FortiWeb and the server, verify that FTP connections are allowed between them. Firewalls include host-based ones that may be on the server itself, such as Windows Firewall or ipfw.

Keep in mind that the FTP protocol typically requires port 21, but that its mechanism style could be active or passive FTP, and that the protocol has both a command channel and a data transfer channel. If either of these channels fail, the backup will fail. SFTP typically requires port 22.

Field name Description

ID

(log_id)

10000023

See Log ID numbers.

Sub Type

(subtype)

system

See Subtypes.

User

(user)

system

User Interface

(ui)

sys

Action

(action)

backup
start

Message

(msg)

backup backup_<FTP-backup_name>_<timestamp_str> to <server_ipv4> <folder_str> {FAIL | OK}

Examples

date=2013-10-08 time=09:42:19 log_id=10000023 msg_id=000000000038 device_id=FVVM00UNLICENSED vd="root" timezone="(GMT-5:00)Eastern Time(US & Canada )" type=event subtype="system)" pri=notification trigger_policy="" user=system ui=sys action=backup status=failed msg="ftp backup backup_scheduled_backup_20131008094215 to ftp.example.com / FAILED"

date=2013-10-08 time=10:59:14 log_id=10000023 msg_id=000000146032 type=event subtype="system" pri=information device_id=FVVM020000003619 vd="root" timezone="(GMT-5:00)Eastern Time(US & Canada)" user=system action=backup msg="backup backup_backup-to-ftp-server_20121113105913 to 172.20.120.225 Downloads/fortiweb/backups/ OK"

date=2013-10-05 time=19:26:12 log_id=10000023 msg_id=000000001038 device_id=FVVM040000010871 vd="root" timezone="(GMT-5:00)Eastern Time(US & Canada)" type=event subtype="system" pri=information trigger_policy="" user=system ui=sys action=start status=success msg="Backup daemon started"

date=2014-04-10 time=18:14:52 log_id=10000023 msg_id=000000195894 device_id=FV-1KD3A13800012 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" type=event subtype="system" pri=critical trigger_policy="" user=admin ui=GUI action=backup status=success msg="User admin backed up the Logging file from GUI(172.22.6.240)"

date=2014-04-10 time=18:17:06 log_id=10000023 msg_id=000000195895 device_id=FV-1KD3A13800012 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" type=event subtype="system" pri=critical trigger_policy="" user=admin ui=GUI action=backup status=success msg="User admin backed up the System config file from GUI(172.22.6.240)"

date=2014-04-10 time=18:18:05 log_id=10000023 msg_id=000000195897 device_id=FV-1KD3A13800012 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" type=event subtype="system" pri=critical trigger_policy="" user=admin ui=GUI action=backup status=success msg="User admin backed up the Local Cert(CSR) file from GUI(172.22.6.240)"

Related