labunix's blog

labunix's Lab Unix

What is inside the Fortigate CLI command [diagnose debug report]

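■What is inside the Fortigate CLI command [diagnose debug report]
 The [diagnose debug report] command is a collection of various built-in commands,
 so it is a good starting point for finding the individual command that shows what you want to know.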

■FortiOS supports grep, and an "or" written with the escaped form "\|" also works.

# get system status | grep ^Version
Version: FortiGate-80C v5.0,build0252,131031 (GA Patch 5)

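■Combining "show full-configuration" with the command you are interested in
 shows which values can be configured.
 For example, if the Japanese language and the time zone are already configured, they can be checked with "show system global".
 Not set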

# show system global | grep "language\|timezone"
    set language japanese
    set timezone 60

■After resetting with the following commands, the settings no longer appear in [show system global].

 config system global
    unset language
    unset timezone
 end

# show system global | grep "language\|timezone"

■Even when a value is unset in "show system global",
 it can be checked by adding "show full-configuration".
 This leads to discoveries such as "maybe 'set source-ip 0.0.0.0' should be configured as well."

# show full-configuration system global | grep "language\|timezone"
    set language english
    set timezone 00

# show full-configuration system dns
config system dns
    set primary 192.168.1.1
    set secondary 0.0.0.0
    set domain ''
    set ip6-primary ::
    set ip6-secondary ::
    set dns-cache-limit 5000
    set dns-cache-ttl 1800
    set cache-notfound-responses disable
    set source-ip 0.0.0.0
end

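■The output of the "diagnose debug report" command does not go only to standard output,
 and redirections such as "2>&1" are not accepted, so it cannot be captured cleanly.
 When connecting from Linux, it can be recorded with script as shown below.
 The report is packed with hints like the ones above, so I want to use it as a reference.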

$ script debug_report.log
$ sudo screen /dev/ttyS0
...

■The result is shown below.

$ grep ^# debug_report.log | cut -c 5-
get system status
get system performance status
show system interface
diagnose ip address list
show full-configuration system dns
show full-configuration system global
show full-configuration system settings
diagnose hardware lspci -v
get hardware cpu
get hardware memory
diagnose hardware sysinfo shm
diagnose ip arp list
get router info kernel
diagnose ip router command show show int
diagnose ipv6 address list
diagnose ipv6 neighbor-cache list
diagnose ipv6 route list
diagnose ipv6 ipv6-tunnel list
diagnose ipv6 sit-tunnel list
diagnose ips anomaly list
diagnose ips anomaly status
diagnose ips dissector status
diagnose ips packet status
diagnose ips raw status
get ips session
diagnose sys session6 stat
get system auto-update status
get system auto-update versions
diagnose test update info
diagnose sys flash list
diagnose sys logdisk smart
diagnose sys logdisk status
show full-configuration system ha
diagnose sys ha status
diagnose sys ha showcsum
diagnose sys ha hadiff status
diagnose sys ha dump-by all-vcluster
diagnose sys ha dump-by rcache
diagnose sys ha dump-by all-group
diagnose sys ha dump-by memory
diagnose sys ha dump-by debug-zone
diagnose sys ha dump-by vdom
diagnose sys ha dump-by kernel
diagnose sys ha dump-by device
get sys session-info statistics
get system session-info ttl
get system session-helper-info list
diagnose netlink brctl list
diagnose netlink device list
diagnose firewall fqdn list
diagnose firewall iplist list
diagnose firewall ipmac list
diagnose firewall ipmac status
diagnose firewall iprope state
diagnose firewall iprope6 state
get firewall proute
diagnose firewall schedule list
get system performance firewall statistics
get router info routing-table all
get router info routing-table database
get vpn ipsec stats crypto
get vpn ipsec tunnel details
get vpn status ssl list
get webfilter ftgd-statistics
get webfilter status
diagnose spamfilter fortishield statistics list
diagnose spamfilter fortishield servers
get hardware nic dmz
get hardware nic internal
get hardware nic wan2
get hardware nic wan1
get hardware nic eth0
get test proxyacceptor 1
get test proxyacceptor 4
get test proxyworker 1
get test proxyworker 4
get test proxyworker 4444
get test http 444
get test http 11
get test imap 444
get test nntp 444
get test pop3 444
get test smtp 444
get test ftpd 444
get test scanunit 4
get test urlfilter 10
diagnose imp2p stats mem full
diagnose imp2p stats proto
diagnose imp2p session list
diagnose imp2p redirect dns list
diagnose imp2p redirect range list
diagnose sys sip-proxy filter clear
diagnose sys sip-proxy redirect list
diagnose sys sip-proxy config list
diagnose sys sip-proxy config profiles
diagnose sys sip-proxy meters list
diagnose sys sip-proxy stats proto
diagnose sys sip-proxy stats call
diagnose sys sip-proxy stats udp
diagnose sys sip-proxy calls idle
diagnose sys sip-proxy session list
diagnose sys sccp-proxy stats list
diagnose sys sccp-proxy phone list
get test ipsmonitor 1
get test ipsmonitor 3
get test radiusd 5
diagnose debug crashlog read
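
The extraction above taken one step further, as an added example that is not part of the original post: it pulls the output of a single embedded command, or one `set` value, out of the `script` capture. Assumptions: each embedded command is echoed as `### <command>` (inferred from the post's `cut -c 5-`), the sample capture and the `FGT80C` prompt are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# Assumption: the report echoes every embedded command on its own line as
# "### <command>", which is what `grep ^# ... | cut -c 5-` implies.

# Constructed sample capture with CRLF endings, as `script` records a serial console.
write_sample_log() {
    printf '%s\r\n' \
        'FGT80C # diagnose debug report' \
        '### get system status' \
        'Version: FortiGate-80C v5.0,build0252,131031 (GA Patch 5)' \
        '### show full-configuration system dns' \
        'config system dns' \
        '    set primary 192.168.1.1' \
        '    set source-ip 0.0.0.0' \
        'end' \
        '### get hardware cpu' > "$1"
}

# List the embedded commands, with carriage returns and trailing blanks removed.
report_commands() {
    tr -d '\r' < "$1" | awk '/^### / { sub(/[ \t]+$/, ""); print substr($0, 5) }'
}

# Print only the output that follows "### <command>", up to the next header.
report_section() {
    tr -d '\r' < "$1" | awk -v want="$2" '
        /^### / { sub(/[ \t]+$/, ""); show = (substr($0, 5) == want); next }
        show    { print }'
}

# Value of one "set <key> <value>" line inside a section; empty if absent.
report_setting() {
    report_section "$1" "$2" | awk -v key="$3" '
        $1 == "set" && $2 == key { $1 = ""; $2 = ""; sub(/^ +/, ""); print; exit }'
}

# Demo on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
report_commands "$log"
report_setting "$log" 'show full-configuration system dns' source-ip
rm -f "$log"
```

Run against a real `debug_report.log`, `report_setting` makes it easy to review defaults such as `source-ip` that plain `show` does not display.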