diag debug flow trace start
Denne kommandoen returnerer hvordan pakker «flyter gjennom» en FortiGate.
Eksempel:
diag debug enable diag debug flow filter <option> diag debug flow show function-name enable diag debug flow show console enable diag debug flow trace start 100
filter <option> filtrerer output:
addr | ip address |
clear | clear filter |
daddr | dest ip address |
dport | destination port |
negate | inverse filter |
port | port |
proto | protocol number |
saddr | source ip address |
sport | source port |
vd | index of virtual domain, -1 matches all |
Når du er ferdig:
diag debug disable
Kan returnere:
id=20085 trace_id=6228 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33ee, original direction" id=20085 trace_id=6228 func=__ip_session_run_tuple line=1563 msg="SNAT 192.168.10.230->195.1.208.62:38698" id=20085 trace_id=6229 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.230:45096->195.139.129.149:80) from local." id=20085 trace_id=6229 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33ee, original direction" id=20085 trace_id=6229 func=__ip_session_run_tuple line=1563 msg="SNAT 192.168.10.230->195.1.208.62:38698" id=20085 trace_id=6230 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.230:45096->195.139.129.149:80) from internal." id=20085 trace_id=6230 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33ee, original direction" id=20085 trace_id=6231 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from internal." id=20085 trace_id=6231 func=resolve_ip_tuple line=2924 msg="allocate a new session-000b33f9" id=20085 trace_id=6231 func=vf_ip4_route_input line=1597 msg="find a route: gw-195.1.208.57 via wan1" id=20085 trace_id=6231 func=get_new_addr line=1240 msg="find SNAT: IP-195.1.208.62, port-38704" id=20085 trace_id=6231 func=fw_forward_handler line=320 msg="Allowed by Policy-1: AV SNAT" id=20085 trace_id=6232 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from internal." id=20085 trace_id=6232 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33f9, original direction" id=20085 trace_id=6233 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from internal." id=20085 trace_id=6233 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33f9, original direction" id=20085 trace_id=6234 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from local." id=20085 trace_id=6234 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33f9, original direction" id=20085 trace_id=6234 func=__ip_session_run_tuple line=1563 msg="SNAT 192.168.10.16->195.1.208.62:38704" id=20085 trace_id=6235 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from local." id=20085 trace_id=6235 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33f9, original direction" id=20085 trace_id=6235 func=__ip_session_run_tuple line=1563 msg="SNAT 192.168.10.16->195.1.208.62:38704" id=20085 trace_id=6236 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from local." id=20085 trace_id=6236 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33f9, original direction" id=20085 trace_id=6236 func=__ip_session_run_tuple line=1563 msg="SNAT 192.168.10.16->195.1.208.62:38704" id=20085 trace_id=6237 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from local." id=20085 trace_id=6237 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33f9, original direction" id=20085 trace_id=6237 func=__ip_session_run_tuple line=1563 msg="SNAT 192.168.10.16->195.1.208.62:38704" id=20085 trace_id=6238 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from local." id=20085 trace_id=6238 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33f9, original direction" id=20085 trace_id=6238 func=__ip_session_run_tuple line=1563 msg="SNAT 192.168.10.16->195.1.208.62:38704" id=20085 trace_id=6239 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from internal." id=20085 trace_id=6239 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33f9, original direction" id=20085 trace_id=6240 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from internal." id=20085 trace_id=6240 func=resolve_ip_tuple_fast line=2852 msg="Find an existing session, id-000b33f9, original direction" id=20085 trace_id=6241 func=resolve_ip_tuple_fast line=2825 msg="vd-root received a packet(proto=6, 192.168.10.16:41871->87.238.54.158:80) from local."