vhitnal
Staff
Article Id 197186

Description

 

This article describes how to back up log files or dump log messages.


Scope

 

FortiOS 5.0 to 6.2. Log backup to the USB disk was removed in later versions.

 

Solution

 

This topic provides steps for backing up logs with execute log backup or dumping log messages to a USB drive.
When a log issue is caused by a particular log message, it is very helpful to get logs from that FortiGate.

Backing up full logs using execute log backup.
This command backs up all disk log files and is only available on FortiGates with an SSD disk.
Before running execute log backup, we recommend temporarily stopping miglogd and reportd.
To stop and kill miglogd and reportd:

    diagnose sys process daemon-auto-restart disable miglogd
    diagnose sys process daemon-auto-restart disable reportd

    fnsysctl killall miglogd
    fnsysctl killall reportd

 

To store the log file on a USB drive:

  1. Plug a USB drive into the FortiGate.
  2. Run this command:

    exec log backup /usb/log.tar

To restart miglogd and reportd:

    diagnose sys process daemon-auto-restart enable miglogd
    diagnose sys process daemon-auto-restart enable reportd

 

Dumping log messages.
To dump log messages:

 

  1. Enable log dumping for miglogd daemon:
    (global) # diagnose test application miglogd 26 1
    miglogd(1) log dumping is enabled

  2. Display all miglogd dumping status:

    (global) # diagnose test application miglogd 26 0 255

    miglogd(0) log dumping is disabled
    miglogd(1) log dumping is enabled
    miglogd(2) log dumping is disabled

    (global) # diagnose test application miglogd 26 2
    miglogd(2) log dumping is enabled

    (global) # diagnose test application miglogd 26 0
    miglogd(0) log dumping is enabled

    (global) # diagnose test application miglogd 26 0 255
    miglogd(0) log dumping is enabled
    miglogd(1) log dumping is enabled
    miglogd(2) log dumping is enabled

  3. Let the FortiGate run and collect log messages.

  4. List the log dump files:

    (global) # diagnose test application miglogd 33
    2019-04-17 15:50:02          20828      log-1-0.dat
    2019-04-17 15:48:31           4892      log-2-0.dat

  5. Back up log dump files to the USB drive:

    (global) # diagnose test application miglogd 34
    Dumping file miglog1_index0.dat copied to USB disk OK.

    Dumping file miglog2_index0.dat copied to USB disk OK.

  6. Disable log dumping for miglogd daemon:

    (global) # diagnose test application miglogd 26 0
    miglogd(0) log dumping is disabled

    (global) # diagnose test application miglogd 26 1
    miglogd(1) log dumping is disabled

    (global) # diagnose test application miglogd 26 2
    miglogd(2) log dumping is disabled

    (global) # diagnose test application miglogd 26 0 255
    miglogd(0) log dumping is disabled
    miglogd(1) log dumping is disabled
    miglogd(2) log dumping is disabled
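
A check for step 6, added here as an example and not part of the original article: in the output above the same `26 <n>` command both enables and disables dumping, so this Python sketch reads a saved console capture and reports any miglogd instance whose last reported state is still enabled. The transcript is constructed from the outputs shown above, and the function names are hypothetical.

```python
import re

# Status lines such as "miglogd(1) log dumping is enabled"
STATUS_RE = re.compile(r"miglogd\((\d+)\) log dumping is (enabled|disabled)")
# Listing lines such as "2019-04-17 15:50:02   20828   log-1-0.dat"
FILE_RE = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(\S+\.dat)")

def final_dump_state(transcript):
    """Map instance number -> True if its last status line says 'enabled'."""
    state = {}
    for m in STATUS_RE.finditer(transcript):
        # Later lines overwrite earlier ones, so the final value wins.
        state[int(m.group(1))] = m.group(2) == "enabled"
    return state

def still_enabled(transcript):
    """Instances that were left dumping at the end of the session."""
    return sorted(i for i, on in final_dump_state(transcript).items() if on)

def dump_files(transcript):
    """(name, size in bytes, timestamp) for each listed dump file."""
    return [(name, int(size), ts) for ts, size, name in FILE_RE.findall(transcript)]

# Constructed capture: step 6 was run for instances 0 and 1 but not 2.
SAMPLE = """\
(global) # diagnose test application miglogd 26 1
miglogd(1) log dumping is enabled
(global) # diagnose test application miglogd 26 2
miglogd(2) log dumping is enabled
(global) # diagnose test application miglogd 26 0
miglogd(0) log dumping is enabled
(global) # diagnose test application miglogd 33
2019-04-17 15:50:02          20828      log-1-0.dat
2019-04-17 15:48:31           4892      log-2-0.dat
(global) # diagnose test application miglogd 26 0
miglogd(0) log dumping is disabled
(global) # diagnose test application miglogd 26 1
miglogd(1) log dumping is disabled
(global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is disabled
miglogd(1) log dumping is disabled
miglogd(2) log dumping is enabled
"""

if __name__ == "__main__":
    print("dump files:", dump_files(SAMPLE))
    print("instances still dumping:", still_enabled(SAMPLE))
```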