Technical Tip: How to collect the logs needed for investigating logdisk usage and log related problems

- For Logdisk usage: Login to FortiWeb SSH by using the default 'admin' account and collect the output of the following commands (make sure to record the ssh session output to a file).

Fortiweb# get sys status
Fortiweb# get log disk
Fortiweb# get log traffic-log
Fortiweb# diagnose system mount list
Fortiweb# diagnose hardware harddisk list
Fortiweb# diagnose hardware logdisk info
Fortiweb# fn ps
Fortiweb# fn ls -lh /var/log
Fortiweb# fn ls -lh /var/log/fwlog/root/disklog/
Fortiweb# fn ls -lh /var/log/fwlog/root/database/
Fortiweb# fn du -sch /var/log/
Fortiweb# fn du -h /var/log/
Fortiweb# fn du -sch /var/log/fwlog
Fortiweb# fn du -h /var/log/fwlog
Fortiweb# fn du -sch /var/log/fwlog/root/disklog/
Fortiweb# fn du -h /var/log/fwlog/root/disklog/
Fortiweb# fn du -sch /var/log/fwlog/root/database/
Fortiweb# fn du -h /var/log/fwlog/root/database/
Fortiweb# fn du -sch /var/log/fwlog/root
Fortiweb# fn du -h /var/log/fwlog/root

- For Traffic/attack/event logs related problems : Login to FortiWeb SSH and run the following debug commands. (please make sure to record the ssh session output to a file).

Fortiweb# diag deb reset
Fortiweb# diagnose debug application logd 7
Fortiweb# diagnose debug enable

Reproduce the problem and wait for two minutes.

And then, turn off debugging by running the following commands.

Fortiweb# diagnose debug disable

As the logs not showing up problem could be the byproduct of high logdisk usage problem, collect the output of the commands mentioned above in the 'For Logdisk usage'.

- Along with the above files, attach the configuration backup and the system debug file.

To download the system debug file, go to System -> Maintenance -> Debug -> Debug Log and Download the debug log file (refer to the screenshot added below).

- Attach all the files to the ticket.