FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 229508
Description This article describes how to capture the debug logs for logging issues.
Scope 6.2,6.4,7.0 and 7.2



/bin/miglogd <- The miglogd process is responsible for logging locally to the unit.


Miglogd logs use port 514. In Reliable mode, Miglogd uses TCP/514. When Reliable is disabled, it uses UDP port 514.


Logging daemon (Miglogd).
The number of logging daemon child processes has been made available for editing.
A higher number can affect performance, and a lower number can affect log processing time, although no logs will be dropped or lost if the number is decreased.
If performance issues occur, consider altering the number of logging daemon child processes from 0 to 15 by using the following configuration.
The default is 8.
config system global
    set miglogd-children <integer>

General debug commands:


diagnose debug application miglogd 255 <- Leave it on for a much longer time to see what is printed out.
diagnose debug enable

diagnose test application miglogd 1 <- Have_disk= 1 shows the disk status.
diagnose test application miglogd 4 <- Will show number of active log devices.
diagnose test application miglogd 6 <- Will show log dev statistics.
diagnose test application miglogd 15 <- Duration.
diagnose test application miglogd 20 <- Will show if OFTP status is established [ OFPD, this process is used to upload Logs ].
diagnose test app miglogd 26 1 <- Enable/disable log dumping.
diagnose log kernel-stats <- Query logging statistics.
execute log fortiguard test-connectivity


Note: Logs are generally sent to FortiAnalyzer/Syslog devices using UDP port 514. To use sniffer, run the following commands:


       diag sniffer packet any 'udp port 514' 4 0 l

diag sniffer packet any 'udp port 514' 6 0 a


Note: If logs are sent to FortiAnalyzer and 'set reliable' is enabled under config log fortianalyzer settings, logs will be sent using TCP port 514 and for sniffer.


It is possible to run the following:


diag sniffer packet any 'tcp port 514' 4 0 l

diag sniffer packet any 'tcp port 514' 6 0 a


Note: FortiGate sends logs to FortiCloud on TCP port 514 and makes sure to use the sniffer:


       diagnose sniffer packet any 'tcp port 514' 4 0 l

diagnose sniffer packet any 'tcp port 514' 6 0 a