FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
ebilcari
Staff
Staff
Article Id 286277
Description

 

This article describes how to collect Agent debug logs in end hosts for troubleshooting purposes.

 

Scope

 

FortiNAC.

 

Solution

 

The following log files are created on the host computer upon installation of the Persistent Agent. For the currently supported Agent version (v5.x, v9.x) the logs file can be found in this path:

 

On Windows hosts:

 

%ProgramData%\Bradford Networks

 

That is usually this absolute path:

 

C:\ProgramData\Bradford Networks\

 

The files are:

 

C:\ProgramData\Bradford Networks>dir
Volume in drive C has no label.
Volume Serial Number is

Directory of C:\ProgramData\Bradford Networks

12/01/2022 03:35 PM <DIR> .
12/01/2022 03:35 PM <DIR> ..
11/27/2023 01:17 PM 7,736 bndaemon_log.txt
11/27/2023 01:17 PM 216,870 general.txt
11/27/2023 12:21 AM 0 stdout.txt

 

The agent logs can also be checked in real-time with the PowerShell tool similar to the output of the 'tail -f' command as follows:

 

PS > Get-Content "C:\ProgramData\Bradford Networks\general.txt" -Wait -tail 1

 

2024-12-07 16:27:46 UTC :: Detected Server Version: 0
2024-12-07 16:28:06 UTC :: Debug: DelimVersion.. Requested: 6.1 System: 6.3 Delim: .
2024-12-07 16:28:06 UTC :: Debug: DelimVersion.. Returning: false

 

On MacOS hosts (Agent version 10.x):

 

/var/log/bndaemon.error.log

/var/log/syslog

 

On Linux hosts:

 

/var/log/bndaemon

/var/log/secure

/var/log/messages


In the case of the Dissolvable Agent no logs are saved by default in the end host, a command needs to be run in FortiNAC CLI to enable the agent to generate the logs in the end host:

 

> agenttool debug -enableDA

Enabled Extra DA Policy Debug

 

In the case of FortiNAC-F, it is necessary to enter the shell first:

 

fortinac # execute enter-shell
fortinac:~$ agenttool debug -enableDA
Enabled Extra DA Policy Debug

 

While this debug command is enabled in FortiNAC, when the Dissolvable agent is downloaded and run on the end host it will create a helpful log file that can be found and extracted in this path:

 

 %temp%\csalog.txt 

 

When these logs are not needed anymore the debug command can be disabled from the FortiNAC CLI:

 

> agenttool debug -disableDA

 

Attach these files to the case. Upon submission, add a case comment with the details regarding the symptoms experienced, including any error messages, the steps taken that resulted in the symptom, and the timestamp of network changes or notifications.

 

Related articles:

Technical Note: Enable Windows Dissolvable Agent debug logging

Troubleshooting Tip: Windows Persistent Agent logs

Technical Note: macOS Persistent Agent logs

 

Related document:

Persistent Agent Deployment and Configuration