Description
This article describes the grab-log-snapshot report as one utility that collects a snapshot of a system's logfiles, stacktrace and memory information plus other information needed in order to diagnose a problem.
Logs should be collected during any of the following scenarios:
- Reproducing a problem (additional debug may need to be enabled. Use the commands provided by Support or in the applicable integration reference manual in the Document Library).
- The appliance is hung for some reason.
- Memory/resource issues ('OutOfMemory') on the appliance.
- Slow performance of the appliance/VM is noticed.
- The 'processes are down' message appears on the GUI instead of the login.
Important:
- The utility has to be run before a reboot of the appliance. In some instances, a reboot can destroy evidence of a problem.
- It is important to run grab-logs from the CLI for CPU/memory usage, no access to GUI, intermittent loss of admin access, etc., before rebooting or using shutdownNAC -kill.
- If a Control Server/Application Server or a High Availability pair is in use, the script has to be run on each appliance.
Scope
Version: FortiNAC legacy v8.x and greater.
Version: FortiNAC-OS v7.2.x and greater.
Solution
GUI Instructions (available in versions v9.4, v7.2, and greater):
This will generate and download a snapshot of the logs directly from the browser. The status is shown at the bottom right of the screen.
In an HA environment, when the primary is in control, there is a possibility to generate a secondary node grab-log-snapshot from the GUI.
Select '?' Question Mark icon, then into the 'Gear' (settings) icon:
Download logs: An advanced option to download primary and/or secondary node grab-log-snapshot will appear:
Select the image to view it in greater detail.
See the Download logs in the Administration Guide.
CLI Instructions (CentOS appliance):
- Log in to the CLI of the appliance as root.
- Execute the script:
grab-log-snapshot
The script will collect and zip-compress a large number of files.
This will take several minutes.
The resulting zip file (log-snapshot-<hostname>-<timestamp>.tar.gz) is located in the /tmp directory.
For example:
grab-log-snapshot
This program grabs a snapshot of the system logfiles.
It takes several minutes to run.
Gathering logfiles...
Gathering system info....
Grabbing stacktraces....
Grabbing memory info....
Grabbing scheduler info....
Grabbing cluster network info....
Grabbing license info...
Packaging logfiles (takes a little while)...
All done.
Prelink messages that state that 'at least one of the file's dependencies has changed since prelinking' can be ignored.
Logs are here: /tmp/log-snapshot-fortinac.forti.lab-20240530160858.tar.gz.
Give this file to Support. If a CPU performance or memory usage has experienced the problem, arrange with Support to run the collect-linux-debug-info script.
- Retrieve the grab-log-snapshot file(s) to submit to Support. This can be done using WinSCP or a similar application (specify SCP protocol) to download the files from the appliance.
- Submit to Support. Open a support ticket and upload the files. Note: A comment must be added for the file to be saved.
CLI Instructions (FortiNAC-OS appliance):
There could be various reasons why the FortiNAC-F is not showing the GUI. To generate the log file, follow these instructions:
- Log in to the CLI of the appliance as 'admin'.
Execute commands:
execute enter-shell
sudo grab-log-snapshot
This program grabs a snapshot of the system logfiles.
It takes several minutes to run.
Gathering logfiles...
Gathering system info....
Grabbing stacktraces....
Grabbing memory info....
Grabbing scheduler info....
Grabbing cluster network info....
Grabbing FortiNAC-OS configuration....
Grabbing FortiNAC-OS hardware status....
Grabbing FortiNAC-OS system status....
Grabbing license info...
Packaging logfiles (takes a little while)...
All done.
Prelink messages that state that 'at least one of the file's dependencies has changed since prelinking' can be ignored.
Logs are here: /tmp/log-snapshot-fortinac1-20240530171321.tar.gz.
Give this file to Support. If experiencing a CPU performance or a memory usage problem, arrange with Support to run the collect-linux-debug-info script.
-
In FortiNAC-OS, inbound access to the appliance via the SFTP protocol is not possible. The 'scp' command is required to upload a file to another SCP/SSH running host (which could be any Linux-based machine). For example:
scp /tmp/log-snapshot-fortinac1-20240530171321.tar.gz files-user@192.168.48.10:/files/
Note: Starting from FortiNAC-F v7.2.7, the generated log file will be located under '/bsc/campusMgrUpdates/':
scp /bsc/campusMgrUpdates/log-snapshot-fortinac1-20240530171321.tar.gz files-user@192.168.48.10:/files/
Another alternative to export this file is via the TFTP protocol; a TFTP server may be easier to set up in the network. For example, a Free third-party TFTP Application server can be used on a local Windows machine:
cd /bsc/campusMgrUpdates/
tftp -pr log-snapshot-fnac-20241009143956.tar.gz tftp.local
-
Submit the file to Support. Open a support ticket and upload the files.
Note: A comment must be added for the file to be saved.
If the file(s) are too big, contact Support for assistance.
Related article:
Troubleshooting Tip: Clear a stuck 'Retrieving Log Snapshot' task notification
