Technical Tip: Find and restart/kill a process on a FortiGate by the process ID (PID) via pidof

This article describes how to restart processes by killing the process ID. Some processes cannot be restarted via the 'diagnose test app 99'.

To find the process ID enter the following command (on a global level):

diagnose sys process pidof <PROCESS_NAME>

So, if the process ID is sought of hasync, the command would be:

diagnose sys process pidof hasync

There can be several PIDs in the output.

So the following step would need to be repeated for every PID:

diagnose sys kill 11 <pid>

It is possible to kill all processes at once via this command:

fnsysctl killall <PPROCESS_NAME>

(Compare: Technical Tip: How to restart/kill all processes with 'fnsysctl' command).

Note:

'fnsysctl killall' is not working for every process (e.g. hasync).

In the case of 'fnsysctl killall' process crashlog ('diagnose debug crashlog read') is not generated.

To check if the command was working correctly, it is possible again to run 'diag sys process pidof <PPROCESS_NAME>' and compare the PIDs.

When everything is correct, the PIDs will have changed.

If the PID is not changing, try killing the process using the 'diagnose sys kill 11 <pid>' command.

In case a single instance of the process is killed, the log entry will be generated in the output of 'diagnose debug crashlog read' and system events logs (log ID: 0100032546).

Note:
The command 'fnsysctl' is only available on an administrator account that has been assigned a 'super_admin' profile.

The command 'fnsysctl' is not available on units with 'FIPS-CC' mode enabled on FortiOS. To verify if FIPS-CC is enabled or not, use the following command: 

get system status