Description | This article describes how to collect logs when FortiGate is in conserve mode due to IPS Engine or WAD |
Scope | FortiGate v6.4 and above. |
Solution |
Conserve mode is triggered when memory consumption reaches the red level and traffic starts dropping when memory consumption reaches an extreme level. Check the following references to understand how the conserve mode is triggered:
Technical Tip: How conserve mode is triggered
IF IPS Engine consumes a lot of memory :
fnsysctl df -h
Find the process ID of the IPS engine daemon, then run these commands:
fnsysctl cat /proc/[process id]/status fnsysctl cat /proc/[process id]/maps fnsysctl cat /proc/[process id]/smaps
Along with this also collect the following debugs: get sys performance status diagnose hardware sysinfo memory diagnose sys session full-stat diagnose ips session status diagnose ips packet status diagnose ips memory status diagnose ips memory track-glib diag sys top-mem 50 diag sys top 1 99 <----- Let this run for 10 seconds and then press q to exit. diagnose test application ipsmonitor 3 diagnose test application ipsmonitor 14 diagnose test application ipsmonitor 15 diagnose test application ipsmonitor 24 diag sys top-sockmem fnsysctl df fnsysctl ls -al /tmp fnsysctl ls -al /dev/shm
IF WAD consumes a lot of memory: Collect the output of these commands during the issue:
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.