| Description | This article describes steps to collect the logs needed for investigating the high logdisk usage and log related problems. |
| Scope | For version 6.0 and above. |
| Solution |
For Logdisk usage: Login to FortiWeb SSH by using the default 'admin' account and collect the output of the following commands (make sure to record the ssh session output to a file).
Fortiweb# get sys status
For Traffic/attack/event logs related problems : Login to FortiWeb SSH and run the following debug commands. (please make sure to record the ssh session output to a file).
Fortiweb# diag deb reset
Reproduce the problem and wait for two minutes.
And then, turn off debugging by running the following commands.
Fortiweb# diagnose debug disable
Login to FortiWeb SSH using the default 'admin' and run the following debug commands. (please make sure to record the ssh session output to a file)
Fortiweb# fn cat /var/log/dlog_indexd Fortiweb# fn cat /var/log/dlog_logd Fortiweb# fn cat /var/log/mysql/error.log
Fortiweb# fn cat /proc/miglog/alog/brief Fortiweb# fn cat /proc/miglog/tlog/brief Fortiweb# fn cat /proc/miglog/elog/brief
Wait for 2 minutes and execute following commands.
Fortiweb# fn cat /proc/miglog/alog/brief Fortiweb# fn cat /proc/miglog/tlog/brief Fortiweb# fn cat /proc/miglog/elog/brief
As the logs not showing up problem could be the byproduct of high logdisk usage problem, collect the output of the commands mentioned above in the 'For Logdisk usage'.
To download the system debug file, go to System -> Maintenance -> Debug -> Debug Log and Download the debug log file (refer to the screenshot added below).
Related article: |
