FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akawade
Staff
Staff
Article Id 194434

Description


This article describes how to kill a single process or multiple processes at once.

 

Scope

 

FortiGate.


Solution


Restarting processes on a Fortigate may be required if they are not working correctly.

 

Terminating might also be useful to create a process backtrace for further analysis. This is usually done if a process is using many CPU cycles. The created backtrace can be analyzed to understand in which function the process is currently busy.


Run the following commands to see information on processes and their process IDs (PID):

 

With the "diag sys process pidof" command all PIDs of a certain process type are listed:

 

diagnose sys process pidof httpsd
167
8607

 

Alternatively, use the 'ps' command to list all processes running on the FortiGate device:

 

fnsysctl ps
PID UID GID STATE CMD
1 0 0 S /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2 0 0 S [kthreadd]
3 0 0 S [ksoftirqd/0]
4 0 0 S [kworker/0:0]
5 0 0 S [kworker/u:0]
...

 

The PID is listed in the 1st column.

 

Another method is to use the "top" command to list the currently running processes with highest CPU time or memory usage:

 

diagnose sys top
Run Time:  0 days, 0 hours and 34 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 2005T, 1260F
         pyfcgid      279      S       0.0     1.9
         reportd      149      S       0.0     1.8
         updated      151      S       0.0     1.7
          httpsd      172      S       0.0     1.6
       forticron      144      S       0.0     1.6
          httpsd      186      S       0.0     1.6

The second column from the above command shows the process ID.

 

If the HTTPS process needs to be restarted, you can terminate a single 'httpsd' processes by sending a signal to the process ID.

In order to write a process stack backtrace to the crash log (as seen with the command 'diag debug crashlog read') signal 11 (sig term) can be used.

To terminate several selected processes a signal can be sent one by one to the different PIDs:

 

diag sys kill <signal> <process ID>
diag sys kill 11 172
diag sys kill 11 186

 

In the above command, httpsd processes are killed one by one based on the process IDs shown from the previous command (PID 172 or 186 as seen in the pidof, ps or top outputs for the httpsd processes).
Here, it is necessary to obtain all of the currently running process IDs to perform a restart.


Alternatively, kill or restart all of the httpsd processes at once using the following 'killall' command:

 

fnsysctl killall <process name> 
fnsysctl killall httpsd 

 

The above single command kills / restarts all of the httpsd processes instead of terminating each respective process one by one.

 

Note that when 'fnsysctl killall <process name>' is used, a process backtrace is not written to the crashlog ('diagnose debug crashlog read').

To create a backtrace that is written to the crashlog the signal 11 can be used with the killall command:

 

fnsysctl killall -11 <process name> 

 

A different set of process IDs after a successful restart will be visible.

To verify if the process termination was successful the above commands to list the process IDs can be executed again to verify that the PID changed: 

 

diagnose sys process pidof httpsd

 

Note: the 'fnsysctl' command is only available to administrator accounts with super_admin profile. 

 

Related article:

Technical Tip:Diagnose sys top CLI command