| Description | This article describes steps to collect the logs needed for investigating the high log disk usage and log-related problems. |
| Scope | For version 6.0 and above. |
| Solution |
For Logdisk usage: Log in to FortiWeb SSH by using the default 'admin' account and collect the output of the following commands (make sure to record the SSH session output to a file).
Fortiweb# get sys status Fortiweb# diagnose debug crashlog show
For Traffic/attack/event logs related problems: Log in to FortiWeb SSH and run the following debug commands. (Make sure to record the SSH session output to a file.)
Fortiweb# diagnose deb reset
Reproduce the problem and wait for two minutes.
And then, turn off debugging by running the following commands.
Fortiweb# diagnose debug disable
Log in to FortiWeb SSH using the default 'admin' and run the following debug commands. (make sure to record the SSH session output to a file).
Fortiweb# fn cat /var/log/dlog_indexd Fortiweb# fn cat /var/log/dlog_logd Fortiweb# fn cat /var/log/mysql/error.log
Fortiweb# fn cat /proc/miglog/alog/brief Fortiweb# fn cat /proc/miglog/tlog/brief Fortiweb# fn cat /proc/miglog/elog/brief
Wait for 2 minutes and execute following commands.
Fortiweb# fn cat /proc/miglog/alog/brief Fortiweb# fn cat /proc/miglog/tlog/brief Fortiweb# fn cat /proc/miglog/elog/brief
As the logs not showing up problem could be the byproduct of high logdisk usage problem, collect the output of the commands mentioned above in the 'For Logdisk usage'.
To download the system debug file, go to System -> Maintenance -> Debug -> Debug Log and Download the debug log file (refer to the screenshot added below).
Related article: |
