Jackie_T
Staff
Article Id 193006

Description


This article describes how to run a script remotely on a FortiGate, using Tera Term to capture data at regular intervals. This is useful for collecting information to analyze the overall health and performance of the device, and for capturing intermittent issues that occur randomly, such as CPU or memory spikes.

Related link:
TTL command reference

 

Scope

 

FortiGate.

Solution


Refer to this KB article for the TAC debug script (Technical Tip: TAC debug script with TeraTerm). Many SSH tools can be used, but this example uses Tera Term to run the monitoring script.

To run the monitoring script with Tera Term, follow these steps:

 

  1. Download TeraTerm.
  2. Run ttermpro.exe from a PC connected to the LAN or by console and log in to the firewall.
  3. Logging in to the FortiGate:
    1. If connecting by SSH, select TCP/IP -> Service -> SSH and enter the Host IP address. If this is the first time connecting, select Continue to accept the SSH key. Enter the admin username and password credentials and select OK.
    2. If connecting to the console, select Serial and the active COM port from the drop-down menu. Enter the admin username and password credentials.
  4. To start logging, select File -> Log and then choose where to save the log file.
  5. Run the script by selecting Control -> Macro and selecting the script (file with .ttl extension).
  6. Do not close the logging or macro window.

 

Change the terminal width settings as shown below:

  1. Go to Setup then Terminal.
  2. Change the Terminal Size settings as shown in Figure 1.

 

Figure 1. Terminal Size settings in the Tera Term Setup -> Terminal dialog.

 

Note 

  • The script must be in .ttl format; otherwise the macro script tool will not execute some commands.
  • Different scenarios can require focusing on a specific daemon by collecting command output specific to that daemon. An example TTL script for troubleshooting high memory usage by WAD processes is attached as 'wad_mon_new.ttl'.
  • Another scenario is troubleshooting intermittent traffic drops. A sniffer-based script can be used for this, such as the one described in the article: Technical Note: Using Tera Term sniffer with a FortiGate to save output to different files every <N>...
  • If the script is logged out automatically, adjust the login timeout period with the following commands:

 

config system global
    set admin-ssh-grace-time <number_of_seconds>    << max 3600 seconds
    set admintimeout <number_of_minutes>    << max 480 minutes
end
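
A minimal monitoring macro of the kind selected in step 5, added here as an example; it is not the TAC debug script or the attached 'wad_mon_new.ttl'. The file name health_mon.ttl, the interval and round count, and the assumption that the CLI prompt ends in "# " are illustrative.

```ttl
; Added example, not Fortinet's TAC script (hypothetical file name: health_mon.ttl).
; Assumes the session is already logged in and File -> Log is running.
; Assumptions: the CLI prompt ends in "# "; interval and rounds are constructed values.

interval = 60          ; seconds between snapshots
rounds   = 480         ; 480 x 60 s = 8 hours of collection
prompt   = '# '
timeout  = 15          ; seconds "wait" blocks before reporting a timeout
ok       = 1

for i 1 rounds
    ; Local timestamp marker, so a CPU or memory spike can be matched to other logs.
    getdate d
    gettime t
    sprintf2 marker '=== snapshot %d at %s %s ===' i d t
    logwrite #13#10
    logwrite marker
    logwrite #13#10

    cmd = 'get system performance status'
    call run
    if ok = 0 break
    cmd = 'diagnose hardware sysinfo memory'
    call run
    if ok = 0 break
    cmd = 'diagnose sys session stat'
    call run
    if ok = 0 break

    pause interval
next

if ok = 0 then
    ; No prompt came back: the admin session was probably logged out or the link dropped.
    sprintf2 msg 'No prompt after "%s" in round %d; collection stopped.' cmd i
    messagebox msg 'health_mon'
endif
end

; Send one command and wait for the prompt; ok = 0 when the wait timed out.
:run
    sendln cmd
    wait prompt
    ok = result
    return
```

The macro only reads status output and changes no configuration. Because it stops with a message box when the prompt does not return, a dropped or logged-out session leaves a clear end point in the capture.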