Monday, September 15, 2014

Exploring the diag stats fortigate

Fortinet has always been a leader with regard to application identification statistics. In this post we will look at how to obtain statistical information by using the diag stat command from the CLI.

The command has a limited set of options:


DAFWFGT800 # diag stat
app-bandwidth     applications by bandwidth of last minute
app-stat-clear    clear application statistics
app-usage-ip      per ip usage of application
per-ip-bw         top bandwidth by IP address
 


Typically one will execute app-bandwidth to get a general overview of traffic statistics.

e.g.


Note: I highlighted a few fields, such as:

application id
session counts
bps
application name

With this diag cmd, you can specify the app-id, if known, for stats on that application.


With the count option, you can now get statistics by address.


By using the per-ip option we can list the top talkers:



This command can be used creatively and is helpful for checking traffic status and counts.
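
A parser for saved app-bandwidth output, added here as an example and not part of the original post. It assumes lines in the app="…" appid=… total-sessions=… bps=… bytes=… form quoted in the first reader comment below; the function names and the sample text are constructed for illustration.

```python
import re

# key=value pairs. A value is either quoted or a bare token. Curly quotes are
# accepted because CLI output pasted through a web page often has them.
_PAIR = re.compile(
    r'([\w-]+)=(?:["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]|(\S+))')
_INT_FIELDS = ("appid", "total-sessions", "bps", "bytes")


def parse_app_bandwidth(text):
    """Return one dict per complete app= line; skip prompts and damaged lines."""
    rows = []
    for line in text.splitlines():
        fields = {k: quoted or bare for k, quoted, bare in _PAIR.findall(line)}
        if "app" not in fields:
            continue  # CLI prompt, blank line, or unrelated output
        try:
            row = {"app": fields["app"]}
            for name in _INT_FIELDS:
                row[name] = int(fields[name])
        except (KeyError, ValueError):
            continue  # truncated line or non-numeric counter
        rows.append(row)
    return rows


def top_by_bps(rows, n=10):
    """Highest bps first; ties broken by session count."""
    ranked = sorted(rows, key=lambda r: (r["bps"], r["total-sessions"]),
                    reverse=True)
    return ranked[:n]


def bps_share(rows):
    """Fraction of total bps per application; empty input gives {}."""
    total = sum(r["bps"] for r in rows)
    return {r["app"]: r["bps"] / total if total else 0.0 for r in rows}


# Constructed sample: three lines in the reader-comment format (one with curly
# quotes), preceded by a prompt line and followed by a truncated line.
SAMPLE = (
    'DAFWFGT800 # diag stat app-bandwidth\n'
    'app=\u201dSSL\u201d appid=15895 total-sessions=59 bps=404657 bytes=404657\n'
    'app="HTTP.BROWSER" appid=15893 total-sessions=50 bps=45220 bytes=45220\n'
    'app="HTTP.BROWSER_Firefox" appid=34050 total-sessions=2 bps=4737 bytes=4737\n'
    'app="HTTP.BROWSER" appid=15893 total-sessions=\n'
)

if __name__ == "__main__":
    for r in top_by_bps(parse_app_bandwidth(SAMPLE), n=3):
        print(f'{r["bps"]:>10} bps  {r["total-sessions"]:>4} sessions  {r["app"]}')
```

An empty capture, such as one taken right after app-stat-clear, parses to an empty list rather than raising.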



Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \

2 comments:

  1. Hi,

    After I execute “diagnose stats app-stat-clear” and then “diagnose stats app-bandwidth”, I have a blank result …

    What can I do to have a result like this?
    app=”SSL” appid=15895 total-sessions=59 bps=404657 bytes=404657
    app=”HTTP.BROWSER” appid=15893 total-sessions=50 bps=45220 bytes=45220
    app=”HTTP.BROWSER_Firefox” appid=34050 total-sessions=2 bps=4737 bytes=4737
    ………
    ………

    thanks,

  2. Is this command diagnose stats applicable to FortiGate model 80E?

    Thanks
