FortiGate
msingh_FTNT
Staff
Article Id 229508
Description This article describes how to capture the debug logs for logging issues.
Scope FortiGate v6.2, v6.4, v7.0 and v7.2.
Solution

Daemon(s):

 

/bin/miglogd <- The miglogd process is responsible for logging locally to the unit.

 

Miglogd logs use port 514. In Reliable mode, Miglogd uses TCP/514. When Reliable is disabled, it uses UDP port 514.

 

Logging daemon (Miglogd).
The number of logging daemon child processes has been made available for editing.
A higher number can affect performance, and a lower number can affect log processing time, although no logs will be dropped or lost if the number is decreased.
 
If performance issues occur, consider changing the number of logging daemon child processes, within the range 0 to 15, by using the following configuration.
The default is 8.
 
config system global
    set miglogd-children <integer>
end
 

General debug commands:

 

diagnose debug application miglogd 255 <- Leave it on for a much longer time to see what is printed out.
diagnose debug enable

diagnose test application miglogd 1 <- Have_disk= 1 shows the disk status.
diagnose test application miglogd 4 <----- Will show several active log devices.
diagnose test application miglogd 6 <----- Will show log dev statistics.
diagnose test application miglogd 15 <---- Will show miglogd ID.
diagnose test application miglogd 20 <----- Will show if OFTP status is established (OFPD, this process is used to upload Logs).
diagnose test app miglogd 26 1 <----- Enable/disable log dumping.
diagnose log kernel-stats <----- Query logging statistics.
execute log fortiguard test-connectivity

 

In v7.6.+:

 

diagnose test application miglogd 

 

  1. Run show global log setting.
  2. Run show vdom log setting.
  3. Run show log buffer sz.
  4. Run show log statistics.
  5. Show the MAX file descriptor number.
  6. Dump statistics.

 

To see more options, run the following command:

 

diagnose test application miglogd <-- Press enter to find more test levels and the purpose of each level.

 

In v7.2.4 and above, use the 'fgtlogd' daemon to check logging to FortiAnalyzer and FortiGate Cloud. Log-related diagnostic commands:

      

diagnose debug reset

diagnose test application fgtlogd <-- Test Level.

diagnose test application fgtlogd <-- Press enter to find more test levels and the purpose of each level.

diagnose debug application fgtlogd -1

diagnose debug console timestamp enable

diagnose debug enable

 

To stop the above debugs, type diagnose debug disable.

                             

Note:

Logs are generally sent to FortiAnalyzer/Syslog devices using UDP port 514. To use sniffer, run the following commands:

 

diagnose sniffer packet any 'udp port 514' 4 0 l

diagnose sniffer packet any 'udp port 514' 6 0 a

 

Note:

If logs are sent to FortiAnalyzer and 'set reliable' is enabled under config log fortianalyzer settings, logs will be sent using TCP port 514. For the sniffer, it is possible to run the following:

 

diagnose sniffer packet any 'tcp port 514' 4 0 l

diagnose sniffer packet any 'tcp port 514' 6 0 a

 

Note:

FortiGate sends logs to FortiCloud on TCP port 514. To confirm this, use the sniffer:

 

diagnose sniffer packet any 'tcp port 514' 4 0 l

diagnose sniffer packet any 'tcp port 514' 6 0 a
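
The sniffer commands above confirm that the FortiGate is sending on port 514. The following is an added example (not Fortinet code, and not part of the original article) of the matching check on a test syslog receiver: it listens on both UDP and TCP and reports which transport each source actually used, which shows whether reliable mode is in effect. The function names open_listeners and watch are hypothetical, and the script only counts bytes without parsing the payload.

```python
import selectors
import socket
import time
from collections import Counter

def open_listeners(host="0.0.0.0", port=514):
    """Bind one UDP and one TCP socket (port 514 needs root; 0 picks free ports)."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((host, port))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    tcp.bind((host, port))
    tcp.listen()
    return udp, tcp

def watch(udp, tcp, seconds):
    """Return bytes received per (transport, source IP) within `seconds`."""
    seen = Counter()
    sel = selectors.DefaultSelector()
    sel.register(udp, selectors.EVENT_READ, ("udp", None))
    sel.register(tcp, selectors.EVENT_READ, ("accept", None))
    deadline = time.monotonic() + seconds
    while (left := deadline - time.monotonic()) > 0:
        for key, _ in sel.select(timeout=left):
            kind, src = key.data
            if kind == "udp":  # non-reliable mode: one datagram per read
                data, peer = key.fileobj.recvfrom(65535)
                seen[("udp", peer[0])] += len(data)
            elif kind == "accept":  # reliable mode: new TCP connection
                conn, peer = key.fileobj.accept()
                sel.register(conn, selectors.EVENT_READ, ("tcp", peer[0]))
            else:
                try:
                    data = key.fileobj.recv(65535)
                except ConnectionResetError:
                    data = b""
                if data:
                    seen[("tcp", src)] += len(data)
                else:  # sender closed or reset the connection
                    sel.unregister(key.fileobj)
                    key.fileobj.close()
    for key in list(sel.get_map().values()):
        key.fileobj.close()
    sel.close()
    return seen

if __name__ == "__main__":
    for (transport, src), size in watch(*open_listeners(), 30).items():
        print(f"{transport}/514 from {src}: {size} bytes")
```

Run it on a host where no other syslog service already holds port 514. A source that appears only under udp is not using reliable mode.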