FMG_TAC_Eng_1
Article Id 208641

Description

Troubleshooting manual backup on a FortiManager/FortiAnalyzer.

Scope

FortiManager, FortiAnalyzer.

Solution

General troubleshooting:

It is important to make sure that FortiManager/FortiAnalyzer does not have file system errors:

# diagnose debug klog

If the command output contains messages like 'EXT4-fs error', first run a complete file system check with the command:

# diagnose system fsck harddisk

Executing this command will restart FortiManager/FortiAnalyzer.

A system reboot will also solve the problem of a lack of space in the /tmp folder, which can happen if processes were stopped unexpectedly with no chance to clean up temporary files.

It is possible to check whether /tmp is full with the CLI command:

# diagnose system print df

Example of manually executed backup operation:

A failed backup task returns its status to the user session:

fmg # execute backup all-settings sftp 10.109.21.14 mnt/ssh <user> <passwd>

Starting backup all settings in background, Please wait.

fmg # Starting transfer the backup file to SFTP server...

SFTP failed: Error in the SSH layer <----- The error message is displayed directly in the logged-in user's session.

Failed to backup all-settings due to SFTP transaction!

Backup all settings...Failed.

A successful backup task returns its status to the session of the user who initiated the operation:

fmg # execute backup all-settings sftp 10.109.21.14 mnt/ssh/fmg_1 <user> <passwd>

Starting backup all settings in background, Please wait.

Starting transfer the backup file to SFTP server...

Transferred 131.104M of 131.104M in 0:00:03s (36.157M/s)

Backup all settings...Ok.

MD5: 368cae256f967e46cdff0a83b60d4c35
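
The successful output above ends with an MD5 value. As an added example (not Fortinet's code), the following Python parses a captured session and compares that value with the file stored on the SFTP server. The function names are hypothetical, and it is an assumption that the MD5 line is the hash of the transferred backup file.

```python
import hashlib
import re

# Constructed captures copied from this article's two outputs.
# Assumption: the "MD5:" line is the hash of the transferred backup file.
SAMPLE_OK = """Starting backup all settings in background, Please wait.
Starting transfer the backup file to SFTP server...
Transferred 131.104M of 131.104M in 0:00:03s (36.157M/s)
Backup all settings...Ok.
MD5: 368cae256f967e46cdff0a83b60d4c35
"""
SAMPLE_FAIL = """SFTP failed: Error in the SSH layer
Failed to backup all-settings due to SFTP transaction!
Backup all settings...Failed.
"""

RESULT_RE = re.compile(r"^Backup all settings\.\.\.(Ok|Failed)\.", re.M)
MD5_RE = re.compile(r"^MD5:\s*([0-9a-fA-F]{32})\s*$", re.M)
ERROR_RE = re.compile(r"^(SFTP failed: .*)$", re.M)

def parse_backup_session(text):
    """Extract backup status, reported MD5 and SFTP error from a CLI capture."""
    result = RESULT_RE.search(text)
    md5 = MD5_RE.search(text)
    error = ERROR_RE.search(text)
    return {
        "status": result.group(1).lower() if result else "unknown",
        "md5": md5.group(1).lower() if md5 else None,
        "error": error.group(1).strip() if error else None,
    }

def file_md5(path, chunk_size=1 << 20):
    """Hash the file in chunks so large backups are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_backup(session_text, backup_path):
    """Return (ok, reason); ok only if the session says Ok and the MD5 matches."""
    info = parse_backup_session(session_text)
    if info["status"] != "ok" or info["md5"] is None:
        return False, f"backup not confirmed: status={info['status']}, error={info['error']}"
    actual = file_md5(backup_path)
    if actual != info["md5"]:
        return False, f"MD5 mismatch: session={info['md5']} file={actual}"
    return True, "file MD5 matches the value printed by the device"
```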

 

FortiManager/FortiAnalyzer Event Log messages related to backup process:

Go to System Settings -> Event Log to view the local log list.

FortiManager/FortiAnalyzer logs can be filtered by operation type:

operation="system backup"

The resulting list of event messages has basic information on successful and failed attempts, with limited details.

Information required for submitting tickets:

- Communication scheme between FortiManager/FortiAnalyzer and the backup server.

- Results of executing the command '# execute tac report' on FortiManager/FortiAnalyzer.

- Events from the section 'FortiManager/FortiAnalyzer Event Log messages related to backup process'.

- Log from 'Example of manually executed backup operation' for manual backup. The captured session includes the SFTP password typed as a command argument, so redact it before attaching the log.

Related articles:

Technical Tip: How to create a log file of a session using PuTTY

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-log-file-of-a-session-usin...

Technical Tip: How to stop a long backup job on the FortiAnalyzer

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-How-to-stop-a-long-backup-job-on-the-F...