Created on 10-21-2008 10:05 AM Edited on 10-07-2024 01:18 PM By Jean-Philippe_P
Description
This article describes how to use the 'diagnose sys top'command from the CLI.
Scope
FortiGate.
Solution
Use the 'diagnose sys top' command from the CLI to list the processes running on the FortiGate.
The command also displays information about each process.
Example output (up to 6.4):
diagnose sys top
Run Time: 13 days, 13 hours and 58 minutes
0U, 0S, 98I; 123T, 25F, 32KF
newcli 903 R 0.5 5.5
sshd 901 S< 0.5 4.0
Example output (from 7.0):
Run Time: 0 days, 18 hours and 6 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 3039T, 1950F
bcm.user 97 S < 3.4 0.4 0
snmpd 192 S 0.9 0.2 1
forticron 173 S 0.4 0.6 0
fcnacd 181 S 0.4 0.3 1
newcli 4488 R < 0.4 0.2 1
Here, the codes displayed on the second output line mean the following:
U is the percentage of user space applications using CPU. In the example, 0U means 0% of the user space applications are using the CPU.
S is the percentage of system processes (or kernel processes) using CPU. In the example, 0S means 0% of the system processes are using the CPU.
I is the percentage of idle CPU. In the example, 98I means the CPU is 98% idle.
T is the total FortiOS system memory in Mb. In the example, 123T means there are 123 Mb of system memory.
F is free memory in Mb. In the example, 25F means there is 25 Mb of free memory.
KF is the total shared memory pages used. In the example, 32KF means the system is using 32 shared memory pages.
Each additional line of the command output displays information for each of the processes running on the FortiGate.
For example, the third line of the output is:
newcli 4488 R < 0.4 0.2 1
In this instance, newcli is the process name.
Other process names can include ipsengine, sshd, cmdbsrv, httpsd, scanunitd, and miglogd.
4488 is the process ID. The process ID can be any number.
R is the state that the process is running in. The process state can be:
R running.
S sleep.
Z zombie.
D disk sleep.
T stopped.
< on a process means that it is a process with higher priority compared to remaining ones (is not nice to all remaining processes).
N on a process means that it is a process with lower priority compared to the remaining ones (is nice to all remaining processes).
The D state is particularly important, as it implies that something is wrong with the disk IO, meaning the process can therefore not continue running because it cannot read from or write to the flash disk.
0.4 is the amount of CPU that the process is using. CPU usage can range from 0.0 for a process that is sleeping to higher values for a process that is taking a lot of CPU time (This utilization is per core on which the process is running).
0.2 is the amount of memory that the process is using.
1 (last column, newly added in 7.0) is the CPU core on which this process is running.
Below are some interactive 'diagnose sys top' commands.
Enter the following single-key commands when 'diagnose sys top' is running to sort by columns.
‘M’ to sort by memory usage
‘P’ to sort by CPU usage
‘N’ to sort by process ID
‘T’ to sort by the running time
‘Q’ to quit
By default, the 'diag sys top' command refreshes every 5 seconds.
If the commands need to be run for any specific duration with a fixed number of lines, the following options are available:
diagnose sys top <Delay_in_seconds> <Maximum_lines_to_display> <Iterations_to_run>
Delay in seconds (default 5).
Maximum lines to display (default 20). Show all the running processes if larger than its total number.
Iterations to run (default unlimited).
The only difference is that the latter command can be run in certain iterations as specified in the last argument.
Stopping running processes:
Use the following command to stop running processes:
diagnose sys kill <signal> <process id>
In this example:
For example, to stop the process with process ID 903, enter the following command:
diagnose sys kill 11 903
To kill/restart all the process IDs using the single daemon, use the command below:
fnsysctl killall <process name>
To monitor the resource usage by any daemon, grep may be used:
diagnose sys top 5 99 | grep wad
wad 185 S 0.4 0.4 0
wad 191 S 0.4 0.3 3
wad 184 S 0.0 0.4 1
wad 173 S 0.0 0.4 1
wad 183 S 0.0 0.3 1
wad 190 S 0.0 0.3 0
Related document:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.