Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pkumari
Staff
Staff

Created on ‎09-26-2024 01:21 PM

Article Id 344760

Technical Tip: Memory leak issue

Description This article describes how to troubleshoot the memory leak issue.
Scope FortiGate.
Solution

When memory usage is very high and increases very fast in a short period, it might be a memory leak issue, and it can be analyzed by the following steps.

 

Note that memory increase does not always mean a memory leak. A memory leak issue usually has these phenomena:

  • Very fast and abnormal memory increase (usually with common or low traffic levels).

  • Continuous memory increases without deallocated.

  • Used memory is not deallocated even after traffic drops or stopped.

The most important thing for troubleshooting a memory leak issue is to locate which module, process, or function causes the memory increase.

 

  • Collect below log output to identify the root cause.

 

get sys status
diag hardware sysinfo memory
diag hardware sysinfo cpu
diagnose hardware deviceinfo disk
get hardware status
get sys perf stat <--- run this 2-3 times
diag autoupdate ver
diag sys top-sum <---Press 'C' and let run for about 15 seconds then press 'q' to stop.
diag sys top 1 20 <--- Press 'C' let run for about 15 seconds then press 'q' to stop.
diag sys top-mem
get system status
get system performance status (Run this command 5 times in intervals of 1 minute).
diag sys top 1 40 (Run for 30 Sec and CTRL C to stop).
diag sys top-s '-s mem' (Run for 30 Sec and CTRL C to stop).
diagnose autoupdate versions
diag debug crashlog read | grep 2024

 

  • Run 'diag sys top 1 20' to check the top utilized resources and based on the top utilizing resources, collect further logs for them.

  • 'diag hardware sysinfo memory' will give an idea of the allocated memory of current usage firewall resources.

 

Example:

 

diag har sysinfo memory
MemTotal: 1963860 kB
Cached: 448948 kB ---> Cached mem is 440 MB.
Active: 932748 kB ---> Active mem is above 900 MB. Almost half of the memory.

 

  • Check the 'diag sys top-mem', calculate the memory utilization of the top utilized resource, and verify the crash logs.

 

The well-known processes for memory leaks are WAD, IPS, fgtlogd, and others. In case of memory leak issues, always refer to the release notes of the known issues of the firmware.

 

Refer to the below article to collect logs in case of WAD, IPS, and other processes consuming the memory. Based on the logs it can be identified If there is a leak or any network condition is triggering high memory usage.

WAD
529
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.