Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vhitnal
Staff
Staff

Created on ‎05-29-2020 04:25 AM Edited on ‎08-26-2025 02:52 AM By Moderator

Article Id 197186

Technical Tip: How to backup log files or dumping log messages

Description

 

This article describes how to back up log files or dump log messages.


Scope

 

FortiOS v5.0 to v6.2. Log backup to the USB disk has been removed afterward.

 

Solution

 

This topic provides steps for executing execute log backup or dumping log messages to a USB drive.
When a log issue is caused by a particular log message, it is very helpful to get logs from that FortiGate.

Backing up full logs using execute log backup.
This command backs up all disk log files and is only available on FortiGates with an SSD disk.
Before running the execute log backup, it is recommended to temporarily stop miglogd and reportd.
To stop and kill miglogd and reported:

 

diagnose sys process daemon-auto-restart disable miglogd
diagnose sys process daemon-auto-restart disable reported

fnsysctl killall miglogd
fnsysctl killall reportd

 

Logs can also be exported to a USB storage device, as LZ4 compressed files, from both CLI and GUI.

When a USB drive is inserted into the FortiGate's USB port, the USB menu will appear in the GUI. The menu shows the amount of storage on the USB disk and the log file size. Select Copy to USB to copy the log data to the drive.

 

To store the log file on a USB drive:

  1. Plug a USB drive into the FortiGate.
  2. Run this command:

exec log backup /usb/log.tar

 

To restart miglogd and reportd.

 

diagnose sys process daemon-auto-restart enable miglogd
diagnose sys process daemon-auto-restart enable reportd

 

Dumping log messages.
To dump log messages:

 

  1. Enable log dumping for the miglogd daemon:


(global) # diagnose test application miglogd 26 1
miglogd(1) log dumping is enabled

 

  1. Display all miglogd dumping status:

 

(global) # diagnose test application miglogd 26 0 255

miglogd(0) log dumping is disabled
miglogd(1) log dumping is enabled
miglogd(2) log dumping is disabled

(global) # diagnose test application miglogd 26 2
miglogd(2) log dumping is enabled

(global) # diagnose test application miglogd 26 0
miglogd(0) log dumping is enabled

(global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is enabled
miglogd(1) log dumping is enabled
miglogd(2) log dumping is enabled

 

  1. Let the FortiGate run and collect log messages.

     

  2. List the log dump files:

 

(global) # diagnose test application miglogd 33
2019-04-17 15:50:02          20828      log-1-0.dat
2019-04-17 15:48:31           4892      log-2-0.dat

 

  1. Back up log dump files to the USB drive:

 

(global) # diagnose test application miglogd 34
Dumping file miglog1_index0.dat copied to USB disk OK.

Dumping file miglog2_index0.dat copied to USB disk OK.

 

  1. Disable log dumping for the miglogd daemon:

     

 

global) # diagnose test application miglogd 26 0
miglogd(0) log dumping is disabled

(global) # diagnose test application miglogd 26 1
miglogd(1) log dumping is disabled

(global) # diagnose test application miglogd 26 2
miglogd(2) log dumping is disabled

(global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is disabled
 miglogd(1) log dumping is disabled
miglogd(2) log dumping is disabled

Labels:
9097
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.