183 lines
4.8 KiB
Text
183 lines
4.8 KiB
Text
= Fortianalyzer diagnose and debug cheat sheet
|
|
:toc: auto
|
|
|
|
|
|
|
|
|
|
== General Health
|
|
[cols=2, options="header"]
|
|
|===
|
|
|Command
|
|
|Description
|
|
|
|
|
|
|*get sys status*
|
|
|Get general information: firmware version, serial number, ADOMs enabled or not, time and time zone, general license status (Valid or not).
|
|
|
|
|*get sys performance*
|
|
|Detailed performance statistics: CPU load, memory usage, hard disk/flash disk used space and input/output (`iostat`) statistics.
|
|
|
|
|*exe top*
|
|
|Display real time list of running processes with their CPU load.
|
|
|
|
|*diag log device*
|
|
|Shows how much space is used by each device logging to the Fortianalyzer, including quotas.
|
|
|
|
|*exe iotop -b -n 1*
|
|
|Display and update every 1 second READ/WRITE statistics for all the processes.
|
|
|
|
|*dia sys process list*
|
|
|list running processes, like `ps aux` in Linux.
|
|
|
|
|*dia sys process kill <kill signal> <process id>*
|
|
|Kill a process by its pid. Kill signal can be word or numeric, e.g. `dia sys process kill 9 27034`.
|
|
|
|
|*diagnose system print cpuinfo*
|
|
|Display hardware CPU information - vendor, number of CPUs etc.
|
|
|
|
|*diagnose hardware info*
|
|
|Even more hardware-related info.
|
|
|
|
|*diagnose system print df*
|
|
|Show disk partitions and space used. Analog of the Linux `df`.
|
|
|
|
|*exe lvm info*
|
|
|Shows disks status and size
|
|
|
|
|*diagnose system print loadavg*
|
|
|Show average system load, analog to the Linux `uptime` command.
|
|
|
|
|*dia sys print uptime*
|
|
|Show FAZ uptime.
|
|
|
|
|*dia sys admin-session <list/status/kill>*
|
|
|List, kill admin session(s).
|
|
|
|
|*dia sys ntp status*
|
|
|Show NTP status: IP of the NTP server synchronized to, its startum, etc.
|
|
|
|
|*dia dvm check-integrity*
|
|
|Check objects db integrity.
|
|
|
|
|
|
|
|
|===
|
|
|
|
== Communication debug
|
|
[cols=2, options="header"]
|
|
|===
|
|
|Command
|
|
|Description
|
|
|
|
|*diagnose system print netstat*
|
|
|Show established connections to the Fortianalyzer, as well as listening ports. Every logging device can (and usually does) have multiple connections established.
|
|
|
|
|*diagnose system route list*, *diagnose sys route6 list*
|
|
|Show routing table
|
|
|
|
|
|
|
|
|*diagnose test application oftpd 3*
|
|
|List all devices sending logs to the Fortianalyzer with their IP addresses, serial numbers, _uptime_ meaning connection establishment uptime, not remote device uptime, and packets received (should be growing).
|
|
|
|
|
|
|
|
|*diagnose debug application oftpd 8 <__Device name__>*
|
|
|
|
*diagnose debug enable*
|
|
|Real time debug of communicating with the __Device name__ device.
|
|
|
|
|*diagnose sniffer packet any "host __IP of remote device__"*
|
|
|Sniff packets from/to remote device, to make sure they are sending each other packets. The communication is encrypted.
|
|
|
|
|*diagnose sniffer packet any "port 514"*
|
|
|Sniff all packets to/from port 514 used by Fortianalyzer to receive logs from remote devices.
|
|
|
|
|
|
|===
|
|
|
|
|
|
== Logs from devices
|
|
[cols=2, options="header"]
|
|
|===
|
|
|Command
|
|
|Description
|
|
|
|
|*diagnose test application oftpd 50*
|
|
|Show log types received and stored for each device.
|
|
|
|
|
|
|*diag log device*
|
|
|Shows how much space is used by each device logging to the Fortianalyzer, including quotas.
|
|
|
|
|*diagnose fortilogd lograte*
|
|
|Show in one line last 5/30/60 seconds rate of receiving logs.
|
|
|
|
|*diagnose fortilogd lograte-adom all*
|
|
|Show as table log receiving rates for all ADOMs aggregated per device type (i.e. rate for all Fortigates will be as one data per ADOM).
|
|
|
|
|*diagnose fortilogd lograte-device*
|
|
|Show average logs receive rate per device for the last hour, day, and week.
|
|
|
|
|*diagnose fortilogd lograte-total*
|
|
|Show summary log receive rate for all devices on this Fortianalyzer.
|
|
|
|
|
|
|
|
|===
|
|
|
|
== Disk and RAID health
|
|
[cols=2, options="header"]
|
|
|===
|
|
|Command
|
|
|Description
|
|
|
|
|*diagnose sys raid status*
|
|
|General health of the RAID: RAID level used, RAID status, RAID size, health status of
|
|
each physical disk in the RAID.
|
|
|
|
|*dia sys raid hwinfo*
|
|
|Detailed RAID controller info: IDs, slot numbers, link speed, media type, temperature,
|
|
error counters, and more.
|
|
|
|
|*dia sys disk info*
|
|
|General physical disks info: model and maker for each physical disk, s/n, speed (RPM), media
|
|
type, ATA/SATA versions supported.
|
|
|
|
|*dia sys disk health*
|
|
|Health state of the disks as read from S.M.A.R.T. info, greatly depends on the S.M.A.R.T.
|
|
level support by the disk.
|
|
|
|
|*dia sys disk error*
|
|
|History of all errors along with the time of occurrence.
|
|
|
|
|*dia sys disk usage*
|
|
|Lists all folders (a lot) of the filesystem with their sizes on disk. Also available on
|
|
VM FAZ.
|
|
|
|
|*dia sys flash list*
|
|
|List FAZ image stored in the flash, e.g.
|
|
|
|
|===
|
|
|
|
|
|
|
|
== Licensing
|
|
[cols=2, options="header"]
|
|
|===
|
|
|Command
|
|
|Description
|
|
|
|
|*diagnose dvm device list*
|
|
|Look for the line _There are currently N devices/vdoms count for license_.
|
|
|
|
|*diagnose debug vminfo*
|
|
|Show report on Virtual Machine license: whether valid or not, type, licensed storage volume, licensed log receive rate, licensed maximum device count.
|
|
|
|
|*dia license list*
|
|
|List all applied lcienses on this FAZ.
|
|
|
|
|===
|
|
|
|
|
|
|