Comprehensive Guide to Debugging FortiManager Services

Published on: 07-29-2023 By Saurabh Yadav

Introduction

Debugging is an essential process for identifying and resolving issues within your FortiManager system. FortiManager offers a broad range of commands that allow you to set debug levels, manage core dumps, monitor services, and more.

Understanding Debug Levels

Debug levels in FortiManager range from 0 to 8, with 0 being the lowest level and 8 being the highest. Setting a higher debug level provides more detailed information, which is useful for diagnosing complex issues.

General Debugging Commands

Here are some basic commands you can use for debugging:

  • diagnose debug enable: Enable debugging.
  • diagnose debug disable: Disable debugging.
  • diagnose debug reset: Reset the debug level settings.
  • diagnose debug info: Show active debug level settings.

Debugging Specific FortiManager Services

FortiManager allows you to debug various service daemons using diagnose debug service command. Here are some examples:

  • Enable Debugging for HTTP Daemon
    diagnose debug service httpd <integer>
    Set the debug level for the HTTPd daemon.
  • Enable Debugging for CDB Service
    diagnose debug service cdb <integer>
    Set the debug level for the Configuration Database (CDB) service.
  • Enable Debugging for DVMDB Service
    diagnose debug service dvmdb <integer>
    Set the debug level for the Device Manager Database (DVMDB) service.

Debugging FortiManager Applications

In addition to services, you can also debug FortiManager applications using the following syntax:

  • diagnose debug application <appName> <integer>: Set debug levels for a specific application.
  • Example:
    diagnose debug application fazalertd 7
    This sets the debug level to 7 for the fazalertd application.

Managing Core Dumps

Core dumps provide valuable information during a crash. Use the following commands to manage core dumps:

  • diagnose debug coredump enable: Enable core dumps for a daemon.
  • diagnose debug coredump disable: Disable core dumps for a daemon.
  • diagnose debug coredump upload: Upload core dumps to a server.

Debugging CLI Command

To set the debug level for the CLI, use:

  • diagnose debug cli <integer>: Set the debug level of the CLI (default = 3).

Managing and Viewing Logs

Logs are crucial for understanding what’s happening inside FortiManager. Here are some useful commands:

  • View Kernel Logs
    diagnose debug klog read : Show all kernel logs.
  • Show Raw elog
    diagnose debug raw-elog : Show raw elog.
  • Debug Console Logs
    diagnose debug console <enable | disable>: Enable or disable console debugging.

Backup Script Log Files

If a script log file fails to upgrade, you can back it up to an FTP server using:

  • Backup Script Log Files
    diagnose debug backup-oldformat-script-logs <ip> <string> <username> <password>
  • Variable Description:
    • <ip>: FTP server IP address.
    • <string>: Path/filename to save the log.
    • <username>: FTP server username.
    • <password>: FTP server password.

Conclusion

Debugging is a critical skill for managing and maintaining FortiManager. With the right commands, you can isolate issues quickly and solve them efficiently. For full documentation and advanced options, visit the official FortiManager CLI Reference at FortiManager CLI Reference.