smkml
Staff
January 7, 2026

Technical Tip: Generate diagnostic logs from CLI/SSH for FortiAnalyzer BigData

Description

 

This article describes how to generate Diagnostic Logs using CLI/SSH when collecting them from the GUI fails in FortiAnalyzer BigData. To generate them from the GUI, go to FortiAnalyzer BigData/Security Event Manager (SEM) -> Cluster Manager -> Settings -> System -> Diagnostic Logs -> Collect & Download.

 


Scope

 

FortiAnalyzer BigData.

 

Solution

 

  1. Connect over SSH directly to FortiAnalyzer BigData/Security Event Manager (SEM).

Note: Any SSH client can be used; this article's example uses MobaXterm.

 


 

After a successful SSH connection to FortiAnalyzer BigData/Security Event Manager (SEM), the session automatically enters the Master Blade. In this example, the Master Blade is blade3 (198.18.1.3).

 

To confirm which blades are the Master Blades, check under Cluster Manager -> Hosts.

 


  2. Another option for access is through the FortiAnalyzer BigData/Security Event Manager (SEM) CLI Console.

 


Then SSH to the Master Blade with the command below:

 

FAZ-BD # execute ssh <username>@<master blade>

(<username>@<master blade>) Password: <enter password>

 

Example: 

 

FAZ-BD # execute ssh root@198.18.1.3

(root@198.18.1.3) Password: 

 


Once CLI/SSH access to FortiAnalyzer BigData/Security Event Manager (SEM) is established, run the command below to generate the Diagnostic Logs.

 

FAZ-BD # fazbdadm log export all

 


The command accesses each blade, extracts the requested information, and saves it to a temporary file on FortiAnalyzer BigData.

 

In this example, the file is located under the tmp folder and is named BD_logs_20260107150840.tar.gz.

To retrieve this file, it is necessary to have an SFTP server on the local machine, SSH to FortiAnalyzer BigData, and move the file to the local machine.

 

Note: Any SFTP application can be used; this article's example uses WinSCP.
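
After the transfer, it is worth confirming that the archive arrived complete before passing it on. The script below is an added example, not part of the original article or of Fortinet tooling; it assumes a local POSIX shell with gzip, tar and sha256sum (or shasum), and that the 14 digits in the file name are a YYYYMMDDhhmmss timestamp.

```bash
#!/usr/bin/env bash
# Added example (not from the article): check a transferred diagnostic bundle.
# Assumes gzip, tar, sed, grep and sha256sum (or shasum) on the local machine.

# True if the name looks like the article's BD_logs_<14-digit time>.tar.gz.
bundle_name_ok() {
    basename "$1" | grep -Eq '^BD_logs_[0-9]{14}\.tar\.gz$'
}

# Print the time embedded in the name as "YYYY-MM-DD hh:mm:ss"
# (assumption: the digits are YYYYMMDDhhmmss).
bundle_timestamp() {
    basename "$1" | sed -E \
      's/^BD_logs_(.{4})(..)(..)(..)(..)(..)\.tar\.gz$/\1-\2-\3 \4:\5:\6/'
}

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 and print a short report only if the bundle is intact.
check_bundle() {
    f=$1
    bundle_name_ok "$f" || { echo "unexpected file name: $f" >&2; return 2; }
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 3; }
    # A transfer cut short leaves a gzip stream without its trailer.
    gzip -t "$f" 2>/dev/null || { echo "gzip check failed: $f" >&2; return 4; }
    tar -tzf "$f" >/dev/null 2>&1 || { echo "tar listing failed: $f" >&2; return 5; }
    entries=$(tar -tzf "$f" | wc -l | tr -d ' ')
    echo "file:     $f"
    echo "exported: $(bundle_timestamp "$f")"
    echo "entries:  $entries"
    echo "sha256:   $(sha256_of "$f")"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_bundle "$1"; fi
```

Recording the printed SHA-256 alongside the file lets the recipient confirm that the bundle they receive is the one that was exported.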

 


Related articles:

Technical Tip: How to verify the role of the blades in FortiAnalyzer BigData 
Technical Tip: How to verify the current active controller in FortiAnalyzer BigData