Fortigate has some very good diagnostics on their firewalls. There is a whole branch of the command tree that starts with
diagnose, or diag for short.
One of the commands often used is
diag sys top [refresh] [number of processes]
This command keeps running, like the ‘top’ command on Unix-like systems. As options you can specify the refresh time in seconds and the number of processes to be displayed.
The output on Fortinet is something like:
Run Time: 47 days, 7 hours and 8 minutes
5U, 0N, 1S, 94I, 0WA, 0HI, 0SI, 0ST; 1867T, 1183F
cu_acd 153 S 9.3 0.4
httpsd 19863 S 3.4 1.0
httpsd 2683 S 3.4 0.9
cu_acd 31426 S 2.9 0.3
cw_acd 150 S 2.4 1.4
src-vis 23593 S 0.4 0.4
hatalk 132 S < 0.4 0.3
fortilinkd 152 S 0.4 0.2
newcli 31425 R 0.4 0.2
insmod 83 S 0.4 0.0
miglogd 114 S 0.0 1.6
cmdbsvr 93 S 0.0 1.5
miglogd 176 S 0.0 1.5
miglogd 177 S 0.0 1.5
pyfcgid 25348 S 0.0 1.1
pyfcgid 25354 S 0.0 0.9
forticron 123 S 0.0 0.9
pyfcgid 25352 S 0.0 0.9
httpsd 116 S 0.0 0.8
pyfcgid 25353 S 0.0 0.7
While the line ‘Run Time’ is quite obvious, the next line is quite cryptic.
The next line, with 5U, 0N, 1S, 94I, 0WA … means
U – Userspace CPU usage in %
N – Nice Processes (higher priority) in %
S – CPU usage in % of System processes (Kernel)
I – CPU idle in %
WA – IO wait in %
The second part of this line informs about memory usage:
1867T – you have a total of 1867MB of memory
1183F – there is still 1183MB of free memory
138KF – the amount of shared memory pages used (only on 32bit systems)
The line ‘newcli 31425 R 0.4 0.2‘ tells you:
newcli – the name of the process
31425 – the process ID
R – Running; can also be S for sleeping
0.4 – using 0.4% CPU
0.2 – using 0.2% of the memory
It is possible to sort the output:
Shift-P: Highest CPU usage on top
Shift-M: Highest Memory usage on top
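For monitoring or for reviewing a saved CLI capture, the same fields can be read by a script. The following is an added example, not part of the original post or any Fortinet tooling: it parses one screen of output in the format shown above and reproduces the Shift-P / Shift-M ordering. The function names are made up for illustration, the sample is a constructed subset of the output above, and treating the extra "<" column as an optional flag is an assumption.

```python
import re

# Constructed sample in the format shown above (a subset of the page's output).
SAMPLE = """\
Run Time: 47 days, 7 hours and 8 minutes
5U, 0N, 1S, 94I, 0WA, 0HI, 0SI, 0ST; 1867T, 1183F
cu_acd 153 S 9.3 0.4
httpsd 19863 S 3.4 1.0
hatalk 132 S < 0.4 0.3
newcli 31425 R 0.4 0.2
miglogd 114 S 0.0 1.6
"""

# name, PID, state, optional one-character flag (assumed, e.g. "<"), CPU %, memory %
PROC_RE = re.compile(r"^(\S+)\s+(\d+)\s+([A-Z])\s+(?:(\S)\s+)?(\d+\.\d+)\s+(\d+\.\d+)$")
# One header field: a number followed by its letter code, e.g. 94I or 1867T
FIELD_RE = re.compile(r"(\d+)([A-Z]+)")


def parse_top(text):
    """Return (header, processes) parsed from one 'diag sys top' screen."""
    header, procs = {}, []
    for line in (l.strip() for l in text.splitlines()):
        m = PROC_RE.match(line)
        if m:
            name, pid, state, flag, cpu, mem = m.groups()
            procs.append({"name": name, "pid": int(pid), "state": state,
                          "flag": flag or "", "cpu": float(cpu), "mem": float(mem)})
        elif ";" in line and not line.startswith("Run Time"):
            # CPU counters come before ';', memory counters (MB) after it
            header = {code: int(val) for val, code in FIELD_RE.findall(line)}
    return header, procs


def top_by(procs, key, n=3):
    """Mimic Shift-P (key='cpu') or Shift-M (key='mem') ordering."""
    return sorted(procs, key=lambda p: p[key], reverse=True)[:n]


def used_memory_pct(header):
    """Memory in use as a percentage, from the T (total) and F (free) fields."""
    return round(100 * (header["T"] - header["F"]) / header["T"], 1)


if __name__ == "__main__":
    hdr, procs = parse_top(SAMPLE)
    print("idle CPU %:", hdr["I"], "memory used %:", used_memory_pct(hdr))
    print("top by memory:", [(p["name"], p["pid"]) for p in top_by(procs, "mem")])
```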