FortiAnalyzer

Cheat Sheet FortiManager

for version 7.4

The cheat sheet from BOLL. Here FortiAnalyzer Logging

you can find all important CLI Device and ADOM Operation
commands for the operation and config system global ADOM settings
set adom-status [en/dis] Enable or disable ADOM mode
troubleshooting of FortiAnalyzer and config system global Set ADOM mode to normal or
FortiManager for version 7.4. set adom-mode [normal/adv] advanced (for VDOMs)
config system global Displays ADOM window after
set adom-select [en/dis] login
diag dvm adom list Enabled and configured ADOMs
General Currently registered and un-
diag dvm device list
Default Device Information registered devices and VDOMs

admin / no password Default login diag test appl oftpd 3 Currently connected devices/IPs

192.168.1.99 Default IP on port1 or mgmt port diag test appl oftpd 9 Currently unregistered devices

9600/8-N-1 exec reset adom-settings

Default serial console settings Reset the ADOM version to 6.4
hardware flow control disabled <ADOM name> 6 4 0
exec device replace sn
Replace device with new device
Reset Information <devname> <new sn>
Erases the configuration on
exec reset all-settings
flash, containing IP and routes Log Forwarding
Erases the configuration but config system log-forward
exec reset all-except-ip Forwarding logs to FortiAnalyzer
preserves IPs and routes edit <id>
/ Syslog / CEF
Erases device settings, images, set mode <realtime, aggr, dis>
exec format disk databases, and log data on disk, conf sys log-forward-service Configure the FortiAnalyzer that
but preserves IPs and routes set accept-aggregation enable receives logs
diag cdb upgrade summary Upgrade history
Log Backup
Server Information exec backup logs <device|all>
get system status General device status <ftp|sftp|scp> <serverip> <user> Backup logs to external storage
<password> <location on server>
get system performance Performance statistics
exec restore <options> Restore commands
diag system print [option] View different server information
Hardware statistics for CPU, Log Encryption
diag hardware info
memory, disk and RAID
config log fortianalyzer setting
set reliable enable FortiGate’s encryption level
Network set enc-alg {high-med|high*|low}
exec ping [host] Ping utility config sys global
FortiAnalyzer’s encryption level
exec traceroute [host] Traceroute utility set enc-alg {high* | med | low}
diag sniffer packet <interface> config system global Configure FAZ to record log file
Packet sniffer set log-checksum {md5 | md5- hash value/timestamp and
<filter> <level> <timestamp>
auth | none} authentication code
diag sniff packet any ‘port 514’ 4 Sniffer for log traffic
config sys fortiview settings Resolve IP address to Log Settings on FortiGate
set resolve-ip enable hostname
config log fortianalyzer setting Logging commands on
config log fortianalyzer filter FortiGate
Disk / RAID / Virtual Disk
diag log test Generates dummy logmessages
config sys locallog disk setting
What happens with oldest logs diag test appl miglogd 6 Dumps statistics for log daemon
set diskfull nolog/overwrite
diag test appl fgtlogd 4 Logging statistics, cache size
diag system raid [option] RAID information
diag system disk [option] Disk information diag log kernel-stats Sent and failed log statistics

exec lvm info list of available disks (VM) exec log fortianalyzer
Test connection to FortiAnalyzer
test-connectivity
exec lvm extend <disk nr.> Add disk (VM)
Check and repair file system Log Troubleshooting
diag sys fsck harddisk
after crash or power loss
diag debug appl oftpd 8 Daemon for receiving logs
diag test appl logfiled 2 Log file-related activities
Process Information
diag log device Used disk space per ADOM
get system performance status General performance infos
diag system print df Logs and system files on drive
diag debug crashlog history Crash statistics
diag fortilogd lograte / -total Log receive rate
diag debug crashlog read Crash log
diag fortilogd lograte-device/-type Log receive rate per device/type
CPU/Memory intense processes
exec top diag fortilogd lograte-adom Log rate for all/specific ADOM
Sort with P (CPU) / M (Memory)
exec iotop Processes with high I/O diag fortilogd logvol-adom Log volume for all/spec. ADOM
diag fortilogd msgrate / -total Message rate
Firmware Upgrade Order diag fortilogd msgrate-device/-
Message rate per device/type
type
FortiAnalyzer → FortiManager → FortiGate

v1.3 – 24.3.2025 page 1 / 2

 FortiAnalyzer
Cheat Sheet FortiManager
for version 7.4

FortiAnalyzer Reporting
Hard Cache Management Settings on FortiGate
SQL query conn and hcache conf system central-management
diag sql status sqlreportd FortiGate configuration for
status set type fortimanager linking FGT to model-device
diag sql show hcache-size Hcache size on the file system set fmg <FortiManager IP>

diag test appl sqlrptcached exec central-mgmt register-

State of the hcache Run on FGT to link model
<level> device <fmg-serial-no> <fmg-
device to real device
register-password>
diag test appl sqlreportd 2 Diagnose hcache creation
exec sql-report hcache-build Troubleshooting FortiGuard
<ADOM-name> <schedule- Rebuild hcache
name> <start-time> <end-time> exec ping fds1.fortinet.com Verify DNS to FortiGuard

exec sql-report list-schedule View report grouping FDS (fdslinkd) FortiGate AV/IPS
<ADOM-name> information FGD (fgdlinkd) FortiGate Web-/Email filter
FCT (fctlinkd) FortiClient AV/IPS
FDN FortiGuard Distribution Network
Database
diag fmupdate view-serverlist Show list of available update
diag sql process list Current SQL processes running [fds/fgd] servers per service
diag sql status sqlplugind SQL insertion status diag fmupdate update-status Display update status per
exec sql-local rebuild-adom [fds/fct/fgd] FortiGuard service
Rebuild ADOM database
<ADOM-name> diag fmupdate dbcontract Verify FortiGate contract
<optional device serial number>] information on FMG
FortiAnalyzer HA
Troubleshooting ADOM Databases
HA
exec fmpolicy print-adom-
diag test appl oftpd 81 Show HA info Troubleshoot provisioning
package <adom> < template
templates
diag ha status / stats Show HA status / statistics type> <package> <category>

diag ha failover Run on master, force failover exec fmpolicy print-device-

Display device configuration
database <adom> <device >
diag ha load-balance Shows HA load balance status
exec fmpolicy print-device-object
diag ha force-cfg-resync Force HA to resync config Display individual object
<adom> <device> <vdom>
configuration
Run on master, restart HA initial <category>
diag ha restart-init-sync
sync exec fmpolicy print-adom-
Display entire ADOM database
database <adom_output_file>
FortiManager exec fmpolicy print-adom-
package <adom> Display firewall policies on
Configuration <policy/template> <package> policy package
Currently registered and <category> <object>
diag dvm device list
unregistered devices / VDOMs exec fmpolicy print-adom-object
Display individual ADOM object
Set FMG NATed-IP if setup is <adom> <category>
config system admin setting
behind a firewall / NAT device
set mgmt-addr <FMG NAT-addr>
& disable automatic update on Troubleshooting
set auto-update disable
FGT configuration change & Show keepalive communication
set show_schedule_script enable enable to schedule scripts diag debug application fgfmd 255
including checksum information
diag debug enable and IPS version
config system dm Adjust FGFM tunnel timeouts
set fgfm-sock-timeout <sec> and ttl as well as enable FGT- diag sniff packet any 'port 541' 4 Sniffer for management traffic
set fgfm_keepalive_itvl <sec> reboot recovery logic on tunnel
set rollback-allow-reboot enable disconnect Verify tunnel uptime, display
diag fgfm session-list connecting IP and link-level
config system global addresses.
Enable workspace or workflow
set workspace-mode [disabled / session-based administration diag sys admin-session list Show currently logged-in
normal / per-adom / workflow] diag sys admin-session kill admins and kill command to
<session_id> delete admin with “session_id”
Replacement of devices
diag debug service cdb 255 ADOM upgrade: Show realtime
exec device replace sn diag debug enable debug output during upgrade
Replace device with new device
<devname> <new sn>
exec fmprofile [export-profile /
exec fgfm reclaim-dev-tunnel import-profile] <ADOM name> Perform profile related actions.
Reclaim tunnel (optional)
<optional device name> <profile name> <output file>
exec device replace pw <device real-time info of FGT being
(optional) diag deb appl devmanager 255
name> <password> added in Add-Device-Wizard
diag debug enable
and debug script execution
Backup FortiManager Delete scripts which are
exec fmscript clean-sched
assigned to deleted devices
diag dvm check-integrity
Logoff all admins, unlock
diag cdb check adom-integrity diag test deploymanager Shows info about config reload
ADOMs and create FMG
diag cdb check adom-revision reloadconf <devid> to update device-level db
backup before executing
diag cdb check policy-package
database checks
diag cdb check update-devinfo
check for unexpected, locked
diag dvm lock
proceses Something missing?
diag dvm proc list check for stuck process or task Please contact us for comments, corrections or ideas
regarding our cheat sheet at [email protected]

v1.3 – 24.3.2025 page 2 / 2