Technical Tip: How to backup log files or dumping log messages

vhitnal · ‎05-29-2020

Description
This article describes how to backup log files or dumping log messages.

Solution
This topic provides steps for using # execute log backup or dumping log messages to a USB drive.
When a log issue is caused by a particular log message, it is very helpful to get logs from that FortiGate

Backing up full logs using # execute log backup.
This command backs up all disk log files and is only available on FortiGates with an SSD disk.
Before running execute log backup, we recommend temporarily stopping miglogd and reportd.
To stop and kill miglogd and reportd:

# diagnose sys process daemon-auto-restart disable miglogd
# diagnose sys process daemon-auto-restart disable reportd

fnsysctl killall miglogd
fnsysctl killall reportd

To store the log file on a USB drive:
1) Plug in a USB drive into the FortiGate.
2) Run this command:

# exec log backup /usb/log.tar

To restart miglogd and reportd.

# diagnose sys process daemon-auto-restart enable miglogd
# diagnose sys process daemon-auto-restart enable reportd

Dumping log messages.
To dump log messages:
1) Enable log dumping for miglogd daemon:

(global) # diagnose test application miglogd 26 1
miglogd(1) log dumping is enabled

2) Display all miglogd dumping status:

(global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is disabled
miglogd(1) log dumping is enabled
miglogd(2) log dumping is disabled

(global) # diagnose test application miglogd 26 2
miglogd(2) log dumping is enabled

(global) # diagnose test application miglogd 26 0
miglogd(0) log dumping is enabled

(global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is enabled
miglogd(1) log dumping is enabled
miglogd(2) log dumping is enabled

3) Let the FortiGate run and collect log messages.
4) List the log dump files:

(global) # diagnose test application miglogd 33
2019-04-17 15:50:02 20828 log-1-0.dat
2019-04-17 15:48:31 4892 log-2-0.dat

5) Back up log dump files to the USB drive:

(global) # diagnose test application miglogd 34

Dumping file miglog1_index0.dat copied to USB disk OK.

Dumping file miglog2_index0.dat copied to USB disk OK.

6) Disable log dumping for miglogd daemon:

(global) # diagnose test application miglogd 26 0
miglogd(0) log dumping is disabled

(global) # diagnose test application miglogd 26 1
miglogd(1) log dumping is disabled

(global) # diagnose test application miglogd 26 2
miglogd(2) log dumping is disabled

(global) # diagnose test application miglogd 26 0 255
miglogd(0) log dumping is disabled
miglogd(1) log dumping is disabled
miglogd(2) log dumping is disabled