gmanea
Staff

Description

The COMLog feature records console CLI output into a 4 megabyte (MB) log file on flash memory, physically independent from the main drives of a FortiGate.

This flash drive will not be erased during the format from the BIOS menu or as a result of a software upgrade. It is configurable per physical unit and cannot be used for reporting or remote logging.

If enabled, the log contains all console output starting from the time it is enabled to the time it is disabled. It also writes a timestamp every hour to confirm the logging was enabled.

If the unit encounters unexpected behavior such as sudden reboots or non-responsiveness, the COMLog output might show some clues as to why the issue happened.


Solution
To enable and use from the CLI.

1) Enable COMLog using the command.

# diag debug comlog enable/disable

2) To display COMLog status, including speed, file size and log start/end use the command.

# diag debug comlog info

3) To clear the COMLog on the system management controller (SMC) use the command.

# diag debug comlog clear

4) To read the COMLog from SMC, use the command.

# diag debug comlog read

NOTE.
This command is not visible, will not show if '?' is used, and will not auto-complete with TAB.

The last word, 'read', must be typed.

5) If the output is displayed page by page, the console output type can be changed to 'standard' with the following steps:

# config system console
    set output standard
end

6) It is recommended to use the Web GUI or an SSH connection to collect the output, not the console port.
Since the console speed is limited, displaying the COMLog can take significant time.

7) If the COMLog is being displayed via the console connection, the COMLog functionality will be disabled to avoid the log being overwritten by displaying it on the console. It is re-enabled at the end of reading it, but in the event that reading COMLog fails or Ctrl+C is used to interrupt the COMLog output, it remains disabled.

Starting from FortiOS 5.4.1, the COMLog status will always be restored when the command quits executing, no matter what causes it (pressing Q, pressing Ctrl+C, an error, or finishing reading all COMLogs).
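
The recommendation above to collect the output over SSH can be scripted so that every capture is saved with a digest. This is an added example, not part of the original article or Fortinet tooling; it assumes the unit accepts CLI commands on SSH standard input, that no VDOM context switch is needed and that GNU sha256sum is installed, and the SSH_BIN variable, function names, host and directory are hypothetical.

```shell
#!/bin/sh
# Added example (not Fortinet tooling): capture COMLog over SSH and hash it.
# Assumptions: the unit accepts CLI commands on SSH stdin, the account may run
# 'diag debug', no VDOM switch is needed, GNU sha256sum is installed.
SSH_BIN="${SSH_BIN:-ssh}"   # hypothetical override, lets the function run offline

# Commands from the steps above: unpaged output, status, then the full log.
comlog_commands() {
    printf '%s\n' \
        'config system console' \
        'set output standard' \
        'end' \
        'diag debug comlog info' \
        'diag debug comlog read' \
        'exit'
}

# collect_comlog USER@HOST OUTDIR  -> prints the path of the capture file
collect_comlog() {
    local target outdir stamp out
    target="$1"; outdir="$2"
    if [ -z "$target" ] || [ -z "$outdir" ]; then
        echo "usage: collect_comlog user@host outdir" >&2; return 2
    fi
    mkdir -p "$outdir" || return 1
    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
    out="$outdir/comlog-$stamp.txt"
    # -T: request no pseudo-terminal, the commands arrive on standard input.
    if ! comlog_commands | "$SSH_BIN" -T "$target" > "$out"; then
        echo "ssh failed; partial capture left at $out" >&2; return 1
    fi
    # An empty capture means nothing came back; do not hash or report it.
    if [ ! -s "$out" ]; then
        echo "empty capture: $out" >&2; return 1
    fi
    # Store a digest beside the capture so later copies can be verified.
    ( cd "$outdir" && sha256sum "comlog-$stamp.txt" > "comlog-$stamp.txt.sha256" ) || return 1
    printf '%s\n' "$out"
}

# Example call (placeholder host and directory):
#   collect_comlog admin@fgt.example ./comlog-captures
```

The console output setting stays at 'standard' after the run, since the script does not change it back.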

To enable from the Web-based Manager.


1) Prior to v5.4 go to System -> Config -> Advanced -> Console Log, in v5.4 go to System -> Advanced -> Debug Logs.

2) Select Update (Regenerate Console Logs in FortiOS 5.4) to copy the COMLog content from SMC hardware to the local tmp folder. The update process may take up to 10 minutes depending on the size of the COMLog.

3) Select Download to transfer COMLog content from the local tmp folder to the PC.

4) A dump utility, such as dumplog.bin, is required to read the COMLog file.

Supported platforms.


At least the following models will support this functionality (the list may be incomplete).

FortiGate-300D
FortiGate-400D
FortiGate-500D
FortiGate-600D
FortiGate-600C
FortiGate-800C
FortiGate-900D
FortiGate-1000C
FortiGate-1000D
FortiGate-1200D
FortiGate-1500D
FortiGate-3000D
FortiGate-3100D
FortiGate-3200D
FortiGate-3240C
FortiGate-3700D
FortiGate-3800D
FortiGate-3810D
FortiGate-3815D
FortiGate-3950B Gen 2
FortiGate-5001B Gen 2
FortiGate-5001C
FortiGate-5101C
FortiGate-5001D
FortiGate-6000F
FortiGate-7000E
FortiGate-5001E

FortiSwitch-5003B Gen 2
FortiSwitch-5203B Gen 2

FortiController-5103B
FortiController-5902D
FortiController-5903C
