FortiGate
nradia_FTNT
Staff
Article Id 332163
Description This article describes why the user may see a large number of FortiCron log entries related to IPS debugging in the logs. A solution is offered.
Scope FortiOS 5.X, 6.X and 7.X.
Solution

[Screenshot: logs for diag ips debug disable all]

[Screenshot: log entry for diag ips debug disable]

These messages relate to IPS processes.

Part of the current process of enabling or disabling the IPS engine debug messages works as follows:

  1. A process sends a message to ipsmonitor to run a diagnose command in each IPS daemon process.
  2. The ipsmonitor then forwards the message to each IPS daemon process one by one. A loop is in place to find each ipsengine process and send it a message, wait for its acknowledgement, and then continue with the next one.
  3. Once ipsmonitor has finished with all of the ipsengine processes, it acknowledges the process that sent the message in step 1.

In the steps above, step 2 can be time-consuming if the platform has many ipsengine processes, and the process sending the message to ipsmonitor may time out, so informational messages related to forticron and IPS can appear.

Manually resetting the debug filter in such instances with the following commands will stop the messages:

diag debug reset
diag debug flow filter clear
diag debug flow trace stop
diag debug disable