Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
FMG_TAC_Eng_1
Staff
Staff

Created on ‎04-07-2022 01:50 AM Edited on ‎04-02-2025 02:27 AM By Moderator

Article Id 208641

Troubleshooting Tip: Manual backup using SFTP

Description

 

This article describes some troubleshooting steps for the backup on a FortiManager/FortiAnalyzer.

 

Scope

 

FortiManager, and FortiAnalyzer.

 

Solution

 

General troubleshooting:

 

It is important to make sure that FortiManager/FortiAnalyzer does not have file system errors:

 

diagnose debug klog

 

If in a command output, it is possible to find messages like 'EXT4-fs error'  first complete file system check with command:

 

diagnose system fsck harddisk

 

Executing this command will restart FortiManager/FortiAnalyzer.

A system reboot will also solve a problem with a lack of space in the /tmp folder, which can happen if processes are stopped unexpectedly without a chance to clear up temporary files.

 

It is possible to check if /tmp is full with the CLI command:

 

diagnose system print df

 

Example of manually executed backup operation:

A failed backup task will return status to a user session:

 

fmg # execute backup all-settings sftp 10.109.21.14 mnt/ssh <user> <passwd>

Starting backup all settings in background, Please wait.

fmg # Starting transfer the backup file to SFTP server...

SFTP failed: Error in the SSH layer 

Failed to backup all-settings due to SFTP transaction!

Backup all settings...Failed.

 

If the error 'SFTP failed: Error in the SSH layer' is received, include the '/' from the directory to get a successful backup using <crtpassword>:

 

fmg# exe backup all-settings sftp 10.47.1.182 /home/fortinet/downloads/ <username> <password> <crtpassword>

 

The successful backup task will return the status into a session of the user that has initiated the operation:

 

fmg # execute backup all-settings sftp 10.109.21.14 mnt/ssh/fmg_1 <user> <passwd>

Starting backup all settings in background, Please wait.

Starting transfer the backup file to SFTP server...

Transferred 131.104M of 131.104M in 0:00:03s (36.157M/s)

Backup all settings...Ok.

MD5: 368cae256f967e46cdff0a83b60d4c35

 

FortiManager/FortiAnalyzer Event Log messages related to the backup process:

 

Go to System Settings -> Event Log to view the local log list. FortiManager/FortiAnalyzer logs can be filtered by operation type:

 

operation="system backup"

 

The resulting list of event messages will have basic information on successful and failed attempts, with limited details.

 

Information required for submitting tickets:

  • Communication scheme between FortiManager/FortiAnalyzer and backup server.
  • Results of executing command 'execute tac report' on FortiManager/FortiAnalyzer.Events from section 'FortiManager/FortiAnalyzer Event Log messages related to backup process'.
  • Log from 'Example of manually executed backup operation' for manual backup.

 

Related articles:

Technical Tip: How to configure Email Notifications for backup SFTP connections failure

Technical Tip: How to create a log file of a session using PuTTY

Technical Tip: How to stop a long backup job on the FortiAnalyzer

5392
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.