FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
msingh_FTNT
Staff
Staff
Article Id 229508
Description This article describes how to capture the debugs for logging issues.
Scope 6.2,6.4,7.0 and 7.2
Solution

Daemon(s):

 

/bin/miglogd -->  Miglogd process is responsible for logging locally to the unit.

 

Miglogd logs use port 514. In Reliable mode, it uses TCP/514. When Reliable is disabled, it uses UDP port 514

 

Logging daemon (Miglogd).
 
The number of logging daemon child processes has been made available for editing.
A higher number can affect performance, and a lower number can affect log processing time, although no logs will be dropped or lost if the number is decreased.
If there are some performance issues, it is possible to alter the number of logging daemon child processes, from 0 to 15, using the following syntax.
The default is 8.
 
# config systemg lobal
    set miglogd-children <integer>
end
 

General Debugs:

 

# diagnose debug application miglogd 255 <----- Let it on for a much longer time to see what is printed out.
# diagnose debug enable


# diagnose test application miglogd 1 <----- Have_disk= 1  show the disk status.
# diagnose test application miglogd 4 <----- Will show number of active log devices.
# diagnose test application miglogd 6 <----- Will show log dev statistics.
# diagnose test application miglogd 15 <----- Duration.
# diagnose test application miglogd 20 <----- Will show if oftp status is established [ Ofpd, this process is used to upload Logs ].
# diagnose test app miglogd 26 1 <----- Enable/disable log dumpingdo.
# diagnose log kernel-stats <----- Query logging statistics.
# execute log fortiguard test-connectivity

 

Note:

Generally logs are sent to FortiAnalyzer/Syslog devices using UDP port 514 and for sniffer, it will be necessary to use the command below:

 

# diag sniffer packet any 'udp port 514' 6 0 a

 

Note:

If logs are sent to FortiAnalyzer and set reliable is enabled under # config log fortianalyzer settings, in this case, logs will be sent using TCP port 514 and for sniffer.

It is possible to use:

 

# diag sniffer packet any 'tcp port 514' 6 0 a

 

Note:

FortiGate sends logs to Forticloud on TCP port 514 and makes sure to take the sniffer:

 

# diagnose sniffer packet any 'tcp port 514' 6 0 a