FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
ebilcari
Staff
Article Id 255449

Description

 

This article describes how to use nacdebug logger types. Debug logger commands are used for listing loggers and setting their log levels.

 

Scope

 

FortiNAC v9.x.

 

Solution

 

Any specific logger can be enabled at the desired level with the following command:

 

nacdebug -logger org.apache.sshd -level xxxx


Valid log levels include:

 

  • SEVERE
  • WARNING
  • INFO
  • CONFIG
  • FINE
  • FINER
  • FINEST

 

To check all the available loggers and their status:

 

nacdebug -loggers 

 

To disable the logger:

 

nacdebug -logger org.apache.sshd

 

For example:

 

nacdebug -logger org.apache.sshd -level FINEST

 

Example entries from output.master:

 

org.apache.sshd.client.SshClient FINEST :: 2023-05-07 17:10:30:729 :: #884 :: addSessionListener(SshClient[64a7e2be])[org.apache.sshd.common.session.helpers.SessionTimeoutListener@1136e0eb] registered
org.apache.sshd.common.util.threads.SshdThreadFactory FINEST :: 2023-05-07 17:10:30:729 :: #884 :: newThread(java.lang.ThreadGroup[name=ORB ThreadGroup 0,maxpri=10])[sshd-SshClient[64a7e2be]-timer-thread-1] runnable=java.util.concurrent.ThreadPoolExecutor$Worker@25254f50[State = -1, empty queue]
org.apache.sshd.common.io.nio2.Nio2Connector FINEST :: 2023-05-07 17:10:30:729 :: #884 :: Creating Nio2Connector
org.apache.sshd.client.config.hosts.DefaultConfigFileHostEntryResolver FINE :: 2023-05-07 17:10:30:730 :: #884 :: resolveEffectiveHost(fortinac@10.0.0.1:22) => null
org.apache.sshd.client.SshClient FINE :: 2023-05-07 17:10:30:730 :: #884 :: connect(fortinac@10.0.0.1:22) no overrides
org.apache.sshd.common.io.nio2.Nio2Connector FINE :: 2023-05-07 17:10:30:730 :: #884 :: Connecting to /10.0.0.1:22
org.apache.sshd.common.io.nio2.Nio2Connector FINE :: 2023-05-07 17:10:30:730 :: #884 :: setOption(SO_REUSEADDR)[true] from property=socket-reuseaddr

 

There are loggers for both master and nessus, so check the log file that matches the logger in use.

 

Restarting the VM will restore these values to default:

 

nacdebug -loggers | grep -v INHERITED
loaderName loggerName loggerLevel
____________ ____________________________ ___________
MasterLoader '' INFO
MasterLoader net.sf.ehcache SEVERE
MasterLoader org.hibernate SEVERE
MasterLoader org.snmp4j WARNING
Nessus '' INFO
Nessus org.hibernate SEVERE

 

To enable debug logging in a plugin, specify it by name as follows:

 

nacdebug -name DirectoryAuthentication true
Setting DirectoryAuthentication debug to true

 

Enabling debug for a plugin also enables one or more loggers, which appear in the logger list:

 

nacdebug -loggers | grep -v INHERITED
loaderName loggerName loggerLevel
____________ ____________________________ ___________
MasterLoader yams.DirectoryAuthentication FINER
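
The listing above can be checked mechanically after troubleshooting to confirm that no logger is still at a verbose level. The following is an added example, not part of the original article or of FortiNAC: the function names are hypothetical, the sample listing is constructed from rows shown in this article plus one assumed INHERITED row, and the generated commands use the disable form given earlier.

```python
import shlex

# Levels as listed in the article, least to most verbose.
LEVELS = ["SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", "FINEST"]

def verbose_loggers(listing, threshold="FINE"):
    """Return (loader, logger, level) for rows at `threshold` verbosity or above."""
    limit = LEVELS.index(threshold)
    found = []
    for line in listing.splitlines():
        parts = line.split()
        # Header, underscore rule, blank and INHERITED rows carry no explicit level.
        if len(parts) != 3 or parts[2] not in LEVELS:
            continue
        loader, name, level = parts
        if LEVELS.index(level) >= limit:
            found.append((loader, name.strip("'"), level))  # '' is the root logger
    return found

def reset_commands(found):
    """Build the article's disable form, `nacdebug -logger <name>`, per named logger."""
    names = sorted({name for _, name, _ in found if name})
    return ["nacdebug -logger " + shlex.quote(n) for n in names]

# Constructed sample of `nacdebug -loggers` output (the INHERITED row is assumed).
SAMPLE = """\
loaderName loggerName loggerLevel
____________ ____________________________ ___________
MasterLoader '' INFO
MasterLoader net.sf.ehcache SEVERE
MasterLoader org.apache.sshd FINEST
MasterLoader org.snmp4j WARNING
MasterLoader yams.DirectoryAuthentication FINER
MasterLoader yams.FCPClient INHERITED
Nessus '' INFO
Nessus org.hibernate SEVERE
"""

if __name__ == "__main__":
    for cmd in reset_commands(verbose_loggers(SAMPLE)):
        print(cmd)
```
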

 

Other examples of loggers:

 

Licensing information (entitlementstool):

 

nacdebug -logger yams.FCPClient -level FINEST

tf output.master
yams.FCPClient FINE :: 2023-07-24 09:51:13:560 :: #847 :: HTTP/1.1 200 OK
yams.FCPClient FINE :: 2023-07-24 09:51:13:560 :: #847 :: FCPPackage [objects=[FCPObject [encryptedData=[80, ...

 

Detailed RADIUS logging for a specific MAC address:

 

nacdebug -logger 'yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine' -level FINE

tf output.master
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:814 :: #484 :: [Post-Auth] Process Started (16 attrs): nasIPAddr=10.0.0.1, srcIPAddr=192.168.1.102
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:815 :: #484 :: Device found for NAS-IP-Address [10.0.0.1]: ManagedElem: gw.eb.eu (10.0.0.1) [ID=32]

...
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINER :: 2023-11-06 12:00:37:821 :: #484 :: RadiusServer.getWiredPort: (gw.eb.eu/10.0.0.1) S108Exxxx:port4

...

yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINEST :: 2023-11-06 12:00:37:843 :: #484 :: Response attrs = {Tunnel-Type=[VLAN] (RadAttr), Tunnel-Private-Group-Id=[532] (RadAttr), Tunnel-Medium-Type=[IEEE-802] (RadAttr)}
...
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:843 :: #484 :: Parse RFC5176 Attrs: attrList = 1,31
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:843 :: #484 :: Parse RFC5176 Attrs: client = 00:0A:CD:38:B5:CD
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:845 :: #484 :: Parse RFC5176 Attrs: saving attr [1] (User-Name) = gimi
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:847 :: #484 :: Parse RFC5176 Attrs: saving attr [31] (Calling-Station-Id) = 00-0A-CD-38-B5-CD 
(building CoA attributes)
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:847 :: #484 :: Adding client update to queue for client 00:0A:CD:38:B5:CD
yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine FINE :: 2023-11-06 12:00:37:847 :: #484 :: [Post-Auth] Returns: [Access-Accept]
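
Entries in output.master follow the layout `logger LEVEL :: timestamp :: #thread :: message`, so a per-client RADIUS trace like the one above can be reduced to its key facts (NAS address, user, assigned VLAN, final decision, elapsed time). The following is an added example, not part of the original article or of FortiNAC: the function names are hypothetical and the field patterns are assumptions drawn only from the message texts shown in the excerpt.

```python
import re
from datetime import datetime
# <logger> <LEVEL> :: <date time:ms> :: #<thread> :: <message>
LINE = re.compile(
    r"^(?P<logger>\S+) (?P<level>[A-Z]+) :: "
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d:\d{3}) :: #(?P<thread>\d+) :: (?P<msg>.*)$")
RADIUS = re.compile(r"^yams\.RadiusAccess\.(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\.")
FIELDS = {  # summary key -> pattern searched in the message text
    "nas_ip": re.compile(r"nasIPAddr=([\d.]+)"),
    "user": re.compile(r"\(User-Name\) = (\S+)"),
    "vlan": re.compile(r"Tunnel-Private-Group-Id=\[(\d+)\]"),
    "result": re.compile(r"\[Post-Auth\] Returns: \[([\w-]+)\]"),
}

def parse(line):
    """Split one log entry into fields; None for '...' or annotation lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S:%f")
    return rec

def radius_summary(lines):
    """Group RADIUS entries by (client MAC, thread id) and collect key facts."""
    out = {}
    for line in lines:
        rec = parse(line)
        mac = rec and RADIUS.match(rec["logger"])
        if not mac:
            continue
        entry = out.setdefault((mac["mac"].upper(), rec["thread"]), {"start": rec["ts"]})
        entry["end"] = rec["ts"]
        for key, rx in FIELDS.items():
            hit = rx.search(rec["msg"])
            if hit:
                entry[key] = hit.group(1)
    return out

# Lines copied from the article's excerpt, including its elision and annotation.
P = "yams.RadiusAccess.00:0A:CD:38:B5:CD.RadiusAccessEngine"
SAMPLE = [
    P + " FINE :: 2023-11-06 12:00:37:814 :: #484 :: [Post-Auth] Process Started (16 attrs): nasIPAddr=10.0.0.1, srcIPAddr=192.168.1.102",
    "...",
    P + " FINEST :: 2023-11-06 12:00:37:843 :: #484 :: Response attrs = {Tunnel-Type=[VLAN] (RadAttr), Tunnel-Private-Group-Id=[532] (RadAttr), Tunnel-Medium-Type=[IEEE-802] (RadAttr)}",
    P + " FINE :: 2023-11-06 12:00:37:845 :: #484 :: Parse RFC5176 Attrs: saving attr [1] (User-Name) = gimi",
    "(building CoA attributes)",
    P + " FINE :: 2023-11-06 12:00:37:847 :: #484 :: [Post-Auth] Returns: [Access-Accept]",
]
```

Calling `radius_summary(SAMPLE)` returns one entry keyed by the client MAC and thread id; the same function accepts the lines of a saved output.master file.
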

 

The following example shows the integration with a Security Fabric connection and the CSF (Cooperative Security Fabric) process, which can be used to troubleshoot FortiNAC tags and dynamic addresses:

 

nacdebug -logger yams.fortinet.csf -level FINEST

yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:031 :: #1395 :: ##send_hello()
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:031 :: #1395 :: >>> (/10.0.0.1:8013) decoded = CSFPacket [type=MSG_HELLO, stat=QUERY_SUCCESS, ttl=1, qid=22334477, data len = 58]
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:031 :: #1395 :: <<< (/10.0.0.1:8013) encoded = 010001223344770000003a00000049464e564d4341544d32333030313638350000000000666e6163000000000000000000000000000000000000000000000000000000000000000000
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:032 :: #1395 :: <<< (/10.0.0.1:8013) encoded = 010001223344770000003a000000494647564d3031544d3233303032383237000000000047570000000000000000000000000000000000000000000000000000000000000000000000
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:032 :: #1395 :: process_packet() from = /10.0.0.1:8013 type = MSG_HELLO, stat = QUERY_SUCCESS, path_len = 58
yams.fortinet.csf FINEST :: 2023-08-21 15:41:18:032 :: #1395 :: ##process_hello() /10.0.0.1:8013