Created on 08-26-2024 03:23 AM Edited on 08-26-2024 03:26 AM By Jean-Philippe_P
Description | This article describes how to collect debugs from FortiGate via the FortiLightHouse tool. |
Scope | All supported versions of FortiGate. |
Solution |
FortiLightHouse CLI or FlhCli is a monitoring tool that helps in collecting essential outputs from the FortiGate firewall. It will collect the required debugs that will help Fortinet TAC and the Engineering team with deep analysis. More information can be found at the below link:
This article will focus on the installation of the FlhCli tool on the Windows operating system along with instructions on how to use the tool efficiently. The first step is to download the binary file based on the operating system.
After downloading the binary file, open a command prompt (type ‘cmd’ in the search box). Run ‘flhcli.exe’ to display the available commands.
Run ‘flhcli.exe setup’ to create the XML configuration file.
In ‘Device name’, define a file name; otherwise the tool will create a file named ‘default’. In ‘FortiGate hostname or IP address’, define the IP address of the FortiGate. In ‘FortiGate SSH listening port’, define the SSH port if it was modified on the FortiGate; otherwise the default SSH port 22 is used. SSH access needs to be allowed on the interface on the FortiGate. In ‘SSH username’, define the username through which the FortiGate can be accessed; otherwise ‘admin’ is used by default. In ‘SSH password’, define the password. The XML file will contain the encrypted password.
The tool will ask where to save the XML file on the machine. If the directory is not defined, the tool will save it automatically in the directory mentioned.
If there is more than one device on which the debugs need to be collected, fill in the details for the second device. The configuration is saved in a file named ‘flhcli.xml’.
Below is the output of ‘flhcli.xml’ created.
After the ‘flhcli.xml’ file is created, run ‘flhcli.exe test’ to test the basic functionality; it displays the output of the ‘get system status’ command.
A monitoring script is required to run against the predefined device. A script template is shown below which can be modified as per the requirements.
<flhscript version="1">
<cycle name="performance" parameters="default" settings="default">
</cycle>
</flhscript>
Both the monitoring script and flhcli XML files should be in the same directory.
flhcli -force-pty -redirect <<<device_name>>>_monitor --rotate-age 4h --name <<<device_name>>> cmd xml --xml <<script name>> --cycle performance
--rotate-age 4h: The log file will be rotated every 4 hours (modify as needed).
The output of the script will be stored in a file named 'FGT-Lab_monitor.txt'. A cycle duration of 10 seconds is defined in the script and can be modified as needed. The output shows that one cycle took less than 10 seconds to complete and that the tool will wait for x seconds before running the script again. To stop the script, press ‘Ctrl+C’ in the command prompt. |
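The checks below cover the prerequisites this article states for a monitoring run (both files in one directory, a cycle name matching --cycle, SSH reachable on the configured port) and also list broad ACL entries on ‘flhcli.xml’, since that file stores the SSH password. This is an added PowerShell example, not part of the FortiLightHouse tool or the original article; the function name, its parameters and the English group names in the ACL check are assumptions.

```powershell
# Added example: pre-flight checks before starting an flhcli monitoring run.
# Test-FlhPreflight and its parameter names are hypothetical, not part of flhcli.
function Test-FlhPreflight {
    param(
        [Parameter(Mandatory)][string]$WorkDir,     # directory holding both files
        [Parameter(Mandatory)][string]$ScriptName,  # monitoring script file name
        [Parameter(Mandatory)][string]$FortiGate,   # hostname or IP entered during setup
        [int]$SshPort = 22,                         # default SSH port from the article
        [string]$Cycle = 'performance'              # value passed to --cycle
    )
    $problems = @()
    $config = Join-Path $WorkDir 'flhcli.xml'
    $script = Join-Path $WorkDir $ScriptName

    # Both the monitoring script and flhcli.xml must be in the same directory.
    foreach ($f in $config, $script) {
        if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { $problems += "Missing file: $f" }
    }

    # The script must be well-formed XML and define the cycle named on the command line.
    if (Test-Path -LiteralPath $script -PathType Leaf) {
        try {
            $doc = [xml](Get-Content -LiteralPath $script -Raw -ErrorAction Stop)
            $names = @($doc.SelectNodes('/flhscript/cycle') |
                ForEach-Object { $_.GetAttribute('name') })
            if ($names -notcontains $Cycle) { $problems += "No <cycle name='$Cycle'> in $ScriptName" }
        } catch {
            $problems += "Script is not well-formed XML: $($_.Exception.Message)"
        }
    }

    # flhcli.xml holds the stored SSH password: report ACL entries for broad groups.
    # Assumption: English group names; adjust the pattern on localized Windows.
    if (Test-Path -LiteralPath $config -PathType Leaf) {
        $broad = (Get-Acl -LiteralPath $config).Access |
            Where-Object { $_.IdentityReference -match 'Everyone|BUILTIN\\Users|Authenticated Users' }
        foreach ($ace in $broad) {
            $problems += "flhcli.xml accessible to $($ace.IdentityReference) ($($ace.FileSystemRights))"
        }
    }

    # SSH must be allowed on the FortiGate interface and reachable on the configured port.
    if (-not (Test-NetConnection -ComputerName $FortiGate -Port $SshPort -InformationLevel Quiet)) {
        $problems += "TCP port $SshPort on $FortiGate is not reachable"
    }
    return $problems
}
```

An empty result means every check passed; each returned string names one prerequisite to fix before starting the run.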