Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mgp
Staff
Staff

Created on ‎05-15-2022 10:17 PM Edited on ‎05-15-2022 10:20 PM By Community Manager

Technical Tip: How to check/kill/collect trace logs of process daemons from GUI

Description

 

This article describes on how to check the various process daemons and how to kill the related daemons from the GUI without usage of CLI commands.

 

Scope

 

FortiOS versions v7.0 and v7.2.

 

Solution

 

Go to top right corner and select the username shown as below:

 

Capture.PNG 

 

Select System -> Process Monitor.

 

2.PNG

 

It is possible to see the daemons in use and possible to check the amount of CPU and memory consumed by individual process.

In order to kill any process, right click on the respective daemon then select Kill Process then 3 options will be shown:

 

- Kill: This is the standard kill and it will show one line crash when checked in the crashlog.

 

- Force Kill: This option works same as the kill signal 9. This can be viewed in the crash log.

 

- Kill & Trace: This option works same as the kill signal 11. This will give detailed crashlog information required for further analysis  and a sample of the same is shown below:

 

2022-05-14 13:43:46 <06938> firmware FortiGate-VM64-KVM v7.0.5,build0304b0304,220208 (GA) (Release)
2022-05-14 13:43:46 <06938> application httpsd
2022-05-14 13:43:46 <06938> *** signal 11 (Segmentation fault) received ***
2022-05-14 13:43:46 <06938> Register dump:
2022-05-14 13:43:46 <06938> RAX: 0000000000000000 RBX: 0000000003edaed0
2022-05-14 13:43:46 <06938> RCX: ffffffffffffffff RDX: 000000000f2728e0
2022-05-14 13:43:46 <06938> R08: 0000000000000001 R09: 0000000003edaed0
2022-05-14 13:43:46 <06938> R10: 000000000f24b2d0 R11: 0000000000000246
2022-05-14 13:43:46 <06938> R12: 000000000000000b R13: 0000000000001b1a
2022-05-14 13:43:46 <06938> R14: 000000000f24fd30 R15: 000000000344a6f1
2022-05-14 13:43:46 <06938> RSI: 000000000000000b RDI: 0000000000001b1a
2022-05-14 13:43:46 <06938> RBP: 00007fffbf8cac20 RSP: 00007fffbf8cabf8
2022-05-14 13:43:46 <06938> RIP: 00007f740477d0f7 EFLAGS: 0000000000000246
2022-05-14 13:43:46 <06938> CS: 0033 FS: 0000 GS: 0000
2022-05-14 13:43:46 <06938> Trap: 0000000000000000 Error: 0000000000000000
2022-05-14 13:43:46 <06938> OldMask: 0000000000000000
2022-05-14 13:43:46 <06938> CR2: 0000000000000000
2022-05-14 13:43:46 <06938> stack: 0x7fffbf8cabf8 - 0x7fffbf8cc750
2022-05-14 13:43:46 <06938> Backtrace:
2022-05-14 13:43:46 <06938> [0x7f740477d0f7] => /usr/lib/x86_64-linux-gnu/libc.so.6
2022-05-14 13:43:46 (kill+0x00000007) liboffset 000390f7
2022-05-14 13:43:46 <06938> [0x00c8ebb0] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00be9964] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00be9eb0] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00beb5f6] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00becc3d] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00b97069] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00d4ef5a] => /bin/httpsd (ap_run_handler+0x0000004a)
2022-05-14 13:43:46 <06938> [0x00d4f7b6] => /bin/httpsd (ap_invoke_handler+0x000000c6)
2022-05-14 13:43:46 <06938> [0x00d94f09] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00d95151] => /bin/httpsd (ap_process_request+0x00000021)
2022-05-14 13:43:46 <06938> [0x00d8d7d5] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00d537aa] => /bin/httpsd (ap_run_process_connection+0x0000004a)
2022-05-14 13:43:46 <06938> [0x00d6904d] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00d69306] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00d694f4] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00d69b2d] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00d65001] => /bin/httpsd (ap_run_mpm+0x00000061)
2022-05-14 13:43:46 <06938> [0x00d64b36] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x0044b58f] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00453fea] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00450c4c] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x0045322f] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x00453b81] => /bin/httpsd
2022-05-14 13:43:46 <06938> [0x7f7404767deb] => /usr/lib/x86_64-linux-gnu/libc.so.6
2022-05-14 13:43:46 (__libc_start_main+0x000000eb) liboffset 00023deb
2022-05-14 13:43:46 <06938> [0x00446b5a] => /bin/httpsd
2022-05-14 13:43:46 <06938> fortidev 6.0.1.0005

 

Termination Signals:

 

The table shows most common termination signal numbers and their description:

 

Signal number Description
4 Illegal instruction 
6 Abort command from Forti-OS
7 Bus error
9 Unconditional kill
11 Invalid memory reference
14 Alarm clock
15 Graceful kill

 

657
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.