Back up log files or dump log messages

When a log issue is caused by a particular log message, it is very helpful to get logs from that FortiGate. This topic provides steps for using exec log backup or dumping log messages to USB.

Back up full logs using exec log backup

This command backs up all disk log files and is only available on FortiGates with an SSD disk.

Before running exec log backup, we recommend temporarily stopping miglogd and reportd.

To stop and kill miglogd and reportd:

diagnose sys process daemon-auto-restart disable miglogd
diagnose sys process daemon-auto-restart disable reportd

fnsysctl killall miglogd
fnsysctl killall reportd

To store the log file on a USB drive:

  1. Plug a USB drive into the FortiGate.
  2. Run this command:

exec log backup /usb/log.tar

To restart miglogd and reportd:

diagnose sys process daemon-auto-restart enable miglogd
diagnose sys process daemon-auto-restart enable reportd

Dump log messages

To dump log messages:

  1. Enable log dumping for miglogd.

FGT-B-LOG (global) # diagnose test application miglogd 26 1
miglogd(1) log dumping is enabled

  2. Display all miglogd dumping status.

FGT-B-LOG (global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is disabled
miglogd(1) log dumping is enabled
miglogd(2) log dumping is disabled

FGT-B-LOG (global) # diagnose test application miglogd 26 2
miglogd(2) log dumping is enabled

FGT-B-LOG (global) # diagnose test application miglogd 26 0
miglogd(0) log dumping is enabled

FGT-B-LOG (global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is enabled
miglogd(1) log dumping is enabled
miglogd(2) log dumping is enabled

  3. Let FortiGate run and collect log messages.
  4. List log dump files.

FGT-B-LOG (global) # diagnose test application miglogd 33
2019-04-17 15:50:02         20828     log-1-0.dat
2019-04-17 15:48:31           4892     log-2-0.dat

  5. Back up log dump files to USB disk.

FGT-B-LOG (global) # diagnose test application miglogd 34
Dumping file miglog1_index0.dat copied to USB disk OK.
Dumping file miglog2_index0.dat copied to USB disk OK.

  6. Disable log dumping for the miglogd daemon.

FGT-B-LOG (global) # diagnose test application miglogd 26 0
miglogd(0) log dumping is disabled

FGT-B-LOG (global) # diagnose test application miglogd 26 1
miglogd(1) log dumping is disabled

FGT-B-LOG (global) # diagnose test application miglogd 26 2
miglogd(2) log dumping is disabled

FGT-B-LOG (global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is disabled
miglogd(1) log dumping is disabled
miglogd(2) log dumping is disabled
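
Both procedures above change state that has to be put back afterwards (daemon auto-restart and log dumping). The following is an added example, not part of the original guide or of any Fortinet tooling: it replays a saved CLI transcript and reports anything left switched on. The function name audit_session and the sample session are assumptions made for illustration; the matched line formats are the ones shown on this page.

```python
import re

# Patterns follow the command and output formats shown on this page.
STATUS = re.compile(r"miglogd\((\d+)\) log dumping is (enabled|disabled)")
RESTART = re.compile(r"daemon-auto-restart (enable|disable) (\w+)")
DUMP_FILE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+\.dat)$")


def audit_session(transcript):
    """Replay a saved CLI transcript and report the state it leaves behind."""
    dumping = {}       # miglogd instance -> last reported dumping state
    auto_restart = {}  # daemon name -> last auto-restart setting issued
    dump_files = []    # (timestamp, size, file name) from the dump file listing
    for line in transcript.splitlines():
        line = line.strip()
        # findall copes with several status messages run together on one line
        for inst, state in STATUS.findall(line):
            dumping[int(inst)] = state
        m = RESTART.search(line)
        if m:
            auto_restart[m.group(2)] = m.group(1)
        m = DUMP_FILE.match(line)
        if m:
            dump_files.append((m.group(1), int(m.group(2)), m.group(3)))
    return {
        "still_dumping": sorted(i for i, s in dumping.items() if s == "enabled"),
        "restart_disabled": sorted(d for d, s in auto_restart.items() if s == "disable"),
        "dump_files": dump_files,
    }


# Constructed sample session: reportd is never re-enabled, miglogd(2) is left dumping.
SAMPLE = """\
FGT-B-LOG (global) # diagnose sys process daemon-auto-restart disable miglogd
FGT-B-LOG (global) # diagnose sys process daemon-auto-restart disable reportd
FGT-B-LOG (global) # diagnose test application miglogd 26 2
miglogd(2) log dumping is enabled
FGT-B-LOG (global) # diagnose test application miglogd 33
2019-04-17 15:50:02         20828     log-1-0.dat
FGT-B-LOG (global) # diagnose sys process daemon-auto-restart enable miglogd
FGT-B-LOG (global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is disabled
miglogd(1) log dumping is disabled
miglogd(2) log dumping is enabled
"""

if __name__ == "__main__":
    print(audit_session(SAMPLE))
```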

This entry was posted in Administration Guides, FortiGate, FortiOS 6.2.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
