FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
Article Id 195991


This article describes how to perform basic debugging for certain FortiAuthenticator services in order to verify if the processes are working as expected. It also explains what additional debug information to provide TAC support with at the beginning of a ticket.






The following service debug outputs are accessible on FortiAuthenticator v6.x through the FortiAuthenticator URL https://<FAC IP>/debug/:


Service name

Troubleshooting scope

URL direct access

Disk Monitor

Disk R/W activity

https://<FAC IP>/debug/disk_monitor/


Collector Agent (log level is configured in the Authentication >SSO > General menu *)

Communication between FAC collector agent and FortiGate

Communication between FAC collector agent and DC FAC collector agent logon events

https://<FAC IP>/debug/fsso-agent/

FSSO (Filtered)

FSSO Filtered Logs (Filter set under Fortinet SSO Methods > SSO > General --> Configure Log Filter

https://<FAC IP>/debug/fsso-agent-filtered/

FSSO Domain Manager

Logs regarding SSO domains

https://<FAC IP>/debug/domain-manager/


Configuration changes tracking
Administrators logons tracking

https://<FAC IP>/debug/gui/


HA – High Availability status

https://<FAC IP>/debug/slony/

HW Monitor

Hardware Monitor status

https://<FAC IP>/debug/hw_monitor/

Kernel Log

Kernel log of the Fortiauthneticator

https://<FAC IP>/debug/kernlog/


Logs regarding HA Load Balance

https://<FAC IP>/debug/lb/

LB HA Sync

Logs regarding HA Load Balance syncing

https://<FAC IP>/debug/lb_sync/


FAC local LDAP directory

https://<FAC IP>/debug/ldap/

LDAP User Sync Daemon

Logs regarding LDAP user sync daemon

https://<FAC IP>/debug/ldap_user_sync/

Push Authentication Service* removed in 6.5.x

Logs regarding Push notification for Mobile FortiToken and the push service

https://<FAC IP>/debug/push-service/

RADIUS Accounting

RADIUS Accounting SSO Logs

https://<FAC IP>/debug/radacct/

RADIUS Accounting Monitor

RADIUS Accounting Monitor Logs

https://<FAC IP>/debug/rad_accounting/

RADIUS Authentication

RADIUS user’s local authentication
NAS clients
RADIUS Authentication Logs (v5.0)

https://<FAC IP>/debug/radius/


RADIUS DNS update log

https://<FAC IP>/debug/radius_dns/


Logs regarding FAC REST API

Logs regarding FAC Windows Agent

Logs regarding FAC OWA Agent

https://<FAC IP>/debug/rest_api/

SAML User Sync Daemon

Logs regarding SAML User sync Daemon

https://<FAC IP>/debug/saml_user_sync/



https://<FAC IP>/debug/snmp/

Syslog SSO

Syslog SSO Logs

https://<FAC IP>/debug/syslog_sso/


Logs regarding TACACS+ service

https://<FAC IP>/debug/tac_plus/

TACACS+ Accounting

Logs regarding TACACS+ Accounting

https://<FAC IP>/debug/tac_acct/

TACACS+ Authentication

Logs regarding TACACS+ Authentication

https://<FAC IP>/debug/tac_authen/

TACACS+ Authorization

Logs regarding TACACS+ Authorization

https://<FAC IP>/debug/tac_author/

WAD Service

WAD debug for HTTP traffic (push notification, http/https traffic,API)

https://<FAC IP>/debug/wad-service/

Web Server

Web server errors

Client connections

SSL Errors

https://<FAC IP>/debug/apache-error/

WinAD Monitor

Logs regarding FAC integration/joining Windows AD

https://<FAC IP>/debug/winad_mon/

CLI Packet Capture (tcpdumpfile)

Only available when exec tcpdumpfile has run from FAC CLI (and was stopped).

https://<FAC IP>/debug/pcap-dump/


To download Packet Capture from FortiAuthenticator, https://<FAC IP>/debug/pcap-dump/ needs to be typed manually on FAC version 6.5.2


The debug logs can be downloaded from the page itself (upper right button).


TAC Support may ask users to download these or a debug report from GUI -> Log Access -> Log section.

In FortiAuthenticator 6.2 and below, the option looks like this:



In later versions, this has been changed slightly:
In FortiAuthenticator Version 6.4.x, the 'Summary debug log' is found under Logging -> Log Access -> Logs:



In FortiAuthenticator version 6.5.2, the debug log is in the same location but it looks different:



FAC 6.5.2.png


The file 'report-summary.dbg' is encrypted and is meant for Fortinet TAC.
The resulting report.dbg or report-summary.dbg contains the latest logs, but with less duration than what is visible in the https://<FAC IP>/debug menu.

If report-summary debug fails to generate from GUI then try to generate it from CLI via TFTP/FTP 


Related articles:

Technical Tip: How to run a packet capture with FortiAuthenticator.
Extract Summary Debug Report from FortiAuthenticator via CLI with TFTP/FTP