diag sys top – List processes on a FortiGate

FortiGate firewalls come with some very good diagnostics. There is a whole branch of the command tree that starts with

diagnose, or diag for short

One of the commands often used is

diag sys top [refresh] [number of processes]

This command keeps running, like the ‘top’ command on Unix-like systems. As options, you can specify the refresh time in seconds and the number of processes to be displayed.

The output on a FortiGate looks something like this:

Run Time:  47 days, 7 hours and 8 minutes
5U, 0N, 1S, 94I, 0WA, 0HI, 0SI, 0ST; 1867T, 1183F
          cu_acd      153      S       9.3     0.4
          httpsd    19863      S       3.4     1.0
          httpsd     2683      S       3.4     0.9
          cu_acd    31426      S       2.9     0.3
          cw_acd      150      S       2.4     1.4
         src-vis    23593      S       0.4     0.4
          hatalk      132      S <     0.4     0.3
      fortilinkd      152      S       0.4     0.2
          newcli    31425      R       0.4     0.2
          insmod       83      S       0.4     0.0
         miglogd      114      S       0.0     1.6
         cmdbsvr       93      S       0.0     1.5
         miglogd      176      S       0.0     1.5
         miglogd      177      S       0.0     1.5
         pyfcgid    25348      S       0.0     1.1
         pyfcgid    25354      S       0.0     0.9
       forticron      123      S       0.0     0.9
         pyfcgid    25352      S       0.0     0.9
          httpsd      116      S       0.0     0.8
         pyfcgid    25353      S       0.0     0.7

While the line ‘Run Time’ is quite obvious, the next line is quite cryptic.

The next line, with 5U, 0N, 1S, 94I, 0WA … means

U – Userspace CPU usage in %

N – Nice Processes (higher priority) in %

S – CPU usage in % of System processes (Kernel)

I – CPU idle in %

WA – IO wait in %

The second part of this line informs about memory usage:

1867T – you have a total of 1867 MB of memory

1183F – 1183 MB of memory are still free

138KF – the amount of shared memory pages used (only on 32-bit systems)

The line ‘newcli 31425 R 0.4 0.2‘ tells you:

newcli – the name of the process

31425 – the process ID

R – the process state: running; it can also be S for sleeping

0.4 – using 0.4% CPU

0.2 – using 0.2% of the memory
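
The field layout described above can be parsed mechanically, for example to record CPU usage per daemon from output captured in an SSH session log. The following Python code is an added example, not part of the original post; the regular expressions are assumptions derived only from the sample output shown here, and the embedded sample is a shortened copy of that output.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copy of the output shown above.
SAMPLE = """\
Run Time:  47 days, 7 hours and 8 minutes
5U, 0N, 1S, 94I, 0WA, 0HI, 0SI, 0ST; 1867T, 1183F
          cu_acd      153      S       9.3     0.4
          httpsd    19863      S       3.4     1.0
          httpsd     2683      S       3.4     0.9
          hatalk      132      S <     0.4     0.3
          newcli    31425      R       0.4     0.2
"""

HEADER = re.compile(r"^\s*\d+U,")
# name, PID, state, optional flag after the state (such as '<'), CPU %, memory %.
# Assumption: the flag is a single non-digit character, as in the 'hatalk' line.
PROC = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])(?:\s+([^\d\s]))?\s+([\d.]+)\s+([\d.]+)\s*$")

def fields(part):
    """Turn '5U, 0N, 1S' into {'U': 5, 'N': 0, 'S': 1}."""
    return {key: int(val) for val, key in re.findall(r"(\d+)([A-Z]+)", part)}

def parse_top(text):
    cpu, mem, procs = {}, {}, []
    for line in text.splitlines():
        if HEADER.match(line):
            cpu_part, _, mem_part = line.partition(";")  # CPU fields ; memory fields
            cpu, mem = fields(cpu_part), fields(mem_part)
        elif (m := PROC.match(line)):
            name, pid, state, flag, pcpu, pmem = m.groups()
            procs.append({"name": name, "pid": int(pid), "state": state,
                          "flag": flag, "cpu": float(pcpu), "mem": float(pmem)})
    return cpu, mem, procs

def cpu_by_name(procs):
    """Sum CPU % over all instances of a daemon, highest first."""
    totals = defaultdict(float)
    for p in procs:
        totals[p["name"]] += p["cpu"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def mem_used_pct(mem):
    return round(100 * (mem["T"] - mem["F"]) / mem["T"], 1)

if __name__ == "__main__":
    cpu, mem, procs = parse_top(SAMPLE)
    print("idle %:", cpu["I"], "| memory used %:", mem_used_pct(mem))
    print(cpu_by_name(procs))
```

Summing per process name matters here because daemons such as httpsd appear several times in the list, so a single line understates their total load.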

It is possible to sort the output:

Shift-P: Highest CPU usage on top

Shift-M: Highest Memory usage on top
