Comprehensive Guide to Debugging FortiManager Services
Introduction
Debugging is an essential process for identifying and resolving issues within your FortiManager system. FortiManager offers a broad range of commands that allow you to set debug levels, manage core dumps, monitor services, and more.
Understanding Debug Levels
Debug levels in FortiManager range from 0 to 8, with 0 being the lowest level and 8 being the highest. Setting a higher debug level provides more detailed information, which is useful for diagnosing complex issues.
General Debugging Commands
Here are some basic commands you can use for debugging:
diagnose debug enable
: Enable debugging.diagnose debug disable
: Disable debugging.diagnose debug reset
: Reset the debug level settings.diagnose debug info
: Show active debug level settings.
Debugging Specific FortiManager Services
FortiManager allows you to debug various service daemons using diagnose debug service
command. Here are some examples:
- Enable Debugging for HTTP Daemon
diagnose debug service httpd <integer>
Set the debug level for the HTTPd daemon. - Enable Debugging for CDB Service
diagnose debug service cdb <integer>
Set the debug level for the Configuration Database (CDB) service. - Enable Debugging for DVMDB Service
diagnose debug service dvmdb <integer>
Set the debug level for the Device Manager Database (DVMDB) service.
Debugging FortiManager Applications
In addition to services, you can also debug FortiManager applications using the following syntax:
diagnose debug application <appName> <integer>
: Set debug levels for a specific application.- Example:
diagnose debug application fazalertd 7
This sets the debug level to 7 for thefazalertd
application.
Managing Core Dumps
Core dumps provide valuable information during a crash. Use the following commands to manage core dumps:
diagnose debug coredump enable
: Enable core dumps for a daemon.diagnose debug coredump disable
: Disable core dumps for a daemon.diagnose debug coredump upload
: Upload core dumps to a server.
Debugging CLI Command
To set the debug level for the CLI, use:
diagnose debug cli <integer>
: Set the debug level of the CLI (default = 3).
Managing and Viewing Logs
Logs are crucial for understanding what’s happening inside FortiManager. Here are some useful commands:
- View Kernel Logs
diagnose debug klog read
: Show all kernel logs. - Show Raw elog
diagnose debug raw-elog
: Show raw elog. - Debug Console Logs
diagnose debug console <enable | disable>
: Enable or disable console debugging.
Backup Script Log Files
If a script log file fails to upgrade, you can back it up to an FTP server using:
- Backup Script Log Files
diagnose debug backup-oldformat-script-logs <ip> <string> <username> <password>
- Variable Description:
<ip>
: FTP server IP address.<string>
: Path/filename to save the log.<username>
: FTP server username.<password>
: FTP server password.
Conclusion
Debugging is a critical skill for managing and maintaining FortiManager. With the right commands, you can isolate issues quickly and solve them efficiently. For full documentation and advanced options, visit the official FortiManager CLI Reference at FortiManager CLI Reference.