Need advanced VPN troubleshooting methods/ideas
Hello forum,
We have a box with many VPN tunnels, but one is giving me a headache.
I would like to do long-term debugging, because FortiAnalyzer does not have the necessary details like DPD messages. My best method currently is to run a "screen" session with output logging and do "diagnose debug application ike -1" there.
But this ends after 30 minutes and has no timestamp.
Does anyone have a good idea? Sending those debugs to a syslog server would be great.
Cheers,
Dirk
Hi Dirk,
My method is:
PuTTY with logging enabled
Prolong Admin Session Timeout via GUI
Prolong Debug time:
diagnose debug duration 0
Enable debug timestamp:
diagnose debug console timestamp enable
Filter debug for the specific peer's source (yes, the filter is set as dst-addr :(
diagnose vpn ike log-filter dst-addr4 1.2.3.4
diagnose vpn ike filter dst-addr4 1.2.3.4
Regards,
The jaene
Hello The jaene,
"diagnose debug duration 0" is one thing I didn't know about, thank you for that.
I got another hint that solves the timestamp issue. "ts" from the moreutils package adds a configurable timestamp to an output line. Together with "tee" it works directly with ssh.
ssh my-fortigate | tee >(ts > debug.log)
Cheers,
Dirk
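
The steps from both replies combined into one capture script, as an added example that is not part of the original thread: it sends the debug commands for one peer over ssh, stamps each returned line with the collector's time, and writes the stream to a file and to syslog. Assumptions: `my-fortigate` is an ssh host alias, the FortiGate CLI accepts commands on the session's stdin, `logger` is available on the collecting host, and the function names and the `fortigate-ike` syslog tag are made up for illustration; `diagnose debug enable` is not quoted in the thread and is added to switch the output on.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: "my-fortigate" is an ssh
# host alias, the FortiGate CLI accepts commands on the session's stdin, and
# logger(1) is available on the collecting host.

# Accept only a dotted-quad IPv4 address, so nothing else reaches the CLI.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the debug commands from the thread for one peer. $2 selects the filter
# keyword; the thread lists both "log-filter" and "filter".
ike_debug_cmds() {
    printf '%s\n' \
        "diagnose debug duration 0" \
        "diagnose debug console timestamp enable" \
        "diagnose vpn ike ${2:-log-filter} dst-addr4 $1" \
        "diagnose debug application ike -1" \
        "diagnose debug enable"
}

# Prefix every input line with the collector's UTC receive time (no moreutils).
stamp_lines() {
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$line"
    done
}

# capture PEER [HOST] [LOGFILE]: stream the debug output to a file and syslog.
capture() {
    valid_ipv4 "$1" || { echo "invalid peer address: $1" >&2; return 2; }
    # The sleep loop keeps stdin open so the session stays up after the commands.
    { ike_debug_cmds "$1"; while :; do sleep 3600; done; } |
        ssh -T "${2:-my-fortigate}" | stamp_lines |
        tee -a "${3:-debug.log}" | logger -t fortigate-ike
}

if [ "${1:-}" = "--run" ]; then shift; capture "$@"; fi
```

Start it with `--run 1.2.3.4` inside a "screen" session; pointing `logger` at a remote syslog server depends on the local syslog configuration.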
