Created on
‎11-10-2022
07:22 AM
Edited on
‎01-28-2025
05:44 AM
By
Anthony_E
Description | This article describes how to capture the debug logs for logging issues. |
Scope | FortiGate v6.2, v6.4, v7.0 and v7.2 |
Solution |
Daemon(s):
/bin/miglogd <- The miglogd process is responsible for logging locally to the unit.
Miglogd logs use port 514. In Reliable mode, Miglogd uses TCP/514. When Reliable is disabled, it uses UDP port 514.
Logging daemon (Miglogd).
The number of logging daemon child processes has been made available for editing.
A higher number can affect performance, and a lower number can affect log processing time, although no logs will be dropped or lost if the number is decreased.
If performance issues occur, consider altering the number of logging daemon child processes from 0 to 15 by using the following configuration.
The default is 8.
config system global
set miglogd-children <integer>
end
General debug commands:
diagnose debug application miglogd 255 <- Leave it on for a much longer time to see what is printed out.
FortiOS v7.6.+:
dia test application miglogd
And so on...
To see more options, run the following command:
dia test application miglogd <Press enter to find more test level and purpose of the each level
In v7.2.4 and above, use the 'fgtlogd' daemon to check logging to FortiAnalyzer and Fortigate Cloud: Log-related diagnostic commands.
diagnose test application fgtlogd <Test Level> diagnose test application fgtlogd <Press enter to find more test level and purpose of the each level> diagnose debug application fgtlogd -1 diagnose debug enable diagnose debug disable
Note: Logs are generally sent to FortiAnalyzer/Syslog devices using UDP port 514. To use sniffer, run the following commands:
diag sniffer packet any 'udp port 514' 4 0 l diag sniffer packet any 'udp port 514' 6 0 a
Note: If logs are sent to FortiAnalyzer and 'set reliable' is enabled under config log fortianalyzer settings, logs will be sent using TCP port 514 and for sniffer.
It is possible to run the following:
diag sniffer packet any 'tcp port 514' 4 0 l diag sniffer packet any 'tcp port 514' 6 0 a
Note: FortiGate sends logs to FortiCloud on TCP port 514 and makes sure to use the sniffer:
diagnose sniffer packet any 'tcp port 514' 4 0 l diagnose sniffer packet any 'tcp port 514' 6 0 a |