FG # diag test app harelay 01. Show harelay statistics2. Show harelay connections# diag test app harelay 1# diag test app harelay 2
These commands should be used repeatedly, because the daemon does not always run, so most times there is no result displayed in the output.To enable all debug for harelay:
# diag debug app harelay -1
It is possible to see the following output:
harelay_accept[546] pid-247 conn=695537 receied a relay req from ha-2/1645harelay_on_clt_read_id[276] pid-247 conn=695537 read relay-id: svr=254.253.252.251/514, ha-id=2, vdom=rootharelay_connect_to_server[147] pid-247 conn=695537 read relay-id: svr=254.253.252.251/514, source_ip=0.0.0.0, vdom=root, intf_sel_mode=0, intf_sel_name=harelay_accept[546] pid-247 conn=695579 receied a relay req from ha-2/1654harelay_on_clt_read_id[276] pid-247 conn=695578 read relay-id: svr=254.253.252.251/514, ha-id=2, vdom=rootharelay_connect_to_server[147] pid-247 conn=695578 read relay-id: svr=254.253.252.251/514, source_ip=0.0.0.0, vdom=root, intf_sel_mode=0, intf_sel_name=__set_socket_interface[134] pid-247 Binded interface index: 0harelay_on_clt_read_udp[335] pid-247 conn=694713 read() failed: num=-1, errno=104harelay_accept[546] pid-247 conn=695580 receied a relay req from ha-2/1655harelay_on_clt_read_id[276] pid-247 conn=695579 read relay-id: svr=254.253.252.251/514, ha-id=2, vdom=rootharelay_connect_to_server[147] pid-247 conn=695579 read relay-id: svr=254.253.252.251/514, source_ip=0.0.0.0, vdom=root, intf_sel_mode=0, intf_sel_name=__set_socket_interface[134] pid-247 Binded interface index: 0
In this case, it is possible to notice that the connections are done to relay logs (port514) to a server (254.253.252.241).Process ID is also noticed (pid-247).It is also possible to see errors, like the one above: pid-247 conn=694713 read() failed: num=-1, errno=104.This may be caused by a known issue (ie. 751087), or something completely new. According to the error code, this is something to be investigated by TAC support or the development.Depending on type of traffic that is sent by harelay, one may further investigate what process creates that traffic (in this case, as the port 514 is visible, the process to check is miglogd).Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.