Description
This article describes how to kill a single process or multiple processes at once.
Scope
FortiGate.
Solution
Restarting processes on a FortiGate may be required if they are not working correctly.
Terminating a process can also be useful to create a process backtrace for further analysis. This is usually done when a process is using many CPU cycles. The resulting backtrace can be analyzed to see which function the process is currently busy in.
Run the following commands to see information on processes and their process IDs (PID):
With the "diag sys process pidof" command all PIDs of a certain process type are listed:
diagnose sys process pidof httpsd
167
8607
Alternatively, use the 'ps' command to list all processes running on the FortiGate device:
fnsysctl ps
PID UID GID STATE CMD
1 0 0 S /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2 0 0 S [kthreadd]
3 0 0 S [ksoftirqd/0]
4 0 0 S [kworker/0:0]
5 0 0 S [kworker/u:0]
...
The PID is listed in the 1st column.
Another method is to use the "top" command to list the currently running processes with highest CPU time or memory usage:
diagnose sys top
Run Time: 0 days, 0 hours and 34 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 2005T, 1260F
pyfcgid 279 S 0.0 1.9
reportd 149 S 0.0 1.8
updated 151 S 0.0 1.7
httpsd 172 S 0.0 1.6
forticron 144 S 0.0 1.6
httpsd 186 S 0.0 1.6
The second column from the above command shows the process ID.
If the HTTPS process needs to be restarted, a single 'httpsd' process can be terminated by sending a signal to its process ID.
In order to write a process stack backtrace to the crash log (as seen with the command 'diag debug crashlog read') signal 11 (sig term) can be used.
To terminate several selected processes a signal can be sent one by one to the different PIDs:
diag sys kill <signal> <process ID>
diag sys kill 11 172
diag sys kill 11 186
In the above commands, the httpsd processes are killed one by one based on the process IDs shown by the previous command (PID 172 or 186 as seen in the pidof, ps or top outputs for the httpsd processes).
With this method, it is necessary to obtain all of the currently running process IDs to perform a restart.
Alternatively, kill or restart all of the httpsd processes at once using the following 'killall' command:
fnsysctl killall <process name>
fnsysctl killall httpsd
The above single command kills / restarts all of the httpsd processes instead of terminating each respective process one by one.
Note that when 'fnsysctl killall <process name>' is used, a process backtrace is not written to the crashlog ('diagnose debug crashlog read').
To create a backtrace that is written to the crashlog the signal 11 can be used with the killall command:
fnsysctl killall -11 <process name>
A different set of process IDs after a successful restart will be visible.
To verify that the process termination was successful, run the above commands that list the process IDs again and confirm that the PIDs changed:
diagnose sys process pidof httpsd
Note: the 'fnsysctl' command is only available to administrator accounts with super_admin profile.
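The verification step above can be automated on captured CLI output. The following is an added example, not Fortinet code: it parses text in the 'diagnose sys top' and 'pidof' layouts shown in this article and reports whether every httpsd PID was replaced. The sample output, the PIDs 8611 and 8612, and all function names are constructed for illustration.

```python
import re

# Constructed sample in the 'diagnose sys top' layout shown in this article:
# process name, PID, state, CPU %, memory %.
TOP_BEFORE = """\
Run Time: 0 days, 0 hours and 34 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 2005T, 1260F
pyfcgid 279 S 0.0 1.9
httpsd 172 S 0.0 1.6
forticron 144 S 0.0 1.6
httpsd 186 S 0.0 1.6
"""
# Constructed 'diagnose sys process pidof httpsd' output captured after the restart.
PIDOF_AFTER = "8611\n8612\n"

ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])\s+([\d.]+)\s+([\d.]+)\s*$")

def parse_top(text):
    """Return (name, pid, state, cpu, mem) tuples; the two header lines do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, pid, state, cpu, mem = m.groups()
            rows.append((name, int(pid), state, float(cpu), float(mem)))
    return rows

def pids_of(rows, name):
    """PIDs of every row whose process name equals `name`."""
    return sorted(pid for n, pid, *_ in rows if n == name)

def parse_pidof(text):
    """pidof prints one PID per line; ignore anything that is not a number."""
    return sorted(int(t) for t in text.split() if t.isdigit())

def check_restart(before, after):
    """Return (status, surviving_pids) for PID lists taken before and after the kill."""
    before, after = set(before), set(after)
    survivors = sorted(before & after)
    if not after:
        return "not_running", []       # nothing respawned: the daemon is down
    if not survivors:
        return "restarted", []         # every old PID was replaced
    if set(survivors) == before:
        return "unchanged", survivors  # the signal had no effect
    return "partial", survivors        # some old processes are still alive

if __name__ == "__main__":
    old = pids_of(parse_top(TOP_BEFORE), "httpsd")
    print(old, check_restart(old, parse_pidof(PIDOF_AFTER)))
```

A "partial" or "unchanged" result means at least one of the original PIDs is still running and the one-by-one kill has to be repeated for the listed survivors.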
Copyright 2024 Fortinet, Inc. All Rights Reserved.