Monday, September 15, 2014

Exploring the diag stats fortigate

Fortinet has always been a leader with regards to application identification statistics. In this post we will look at  obtain  statistical information by using  the diag stat  command from the cli.

The command has a limited set of options;

DAFWFGT800 # diag stat
app-bandwidth     applications by bandwidth of last minute
app-stat-clear    clear application statistics
app-usage-ip      per ip usage of application
per-ip-bw         top bandwidth by IP address

Typically one will execute the app-bandwidth to get a general overview of traffic statistics.


Note: I  highlighted a few fields such as ;

application id 
sessions counts
application name

With this diag cmd, you can specify the  app-id if known for statis on that application.

With the count option, you can now get statistics by address.

By using the per-ip option we can list of the top talkers;

This command can be creative and helpful with traffic status and counts.

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \


  1. Hi,

    after i execute “diagnose stats app-stat-clear” and then “diagnose stats app-bandwidth”, i have a blank result …

    what can i do to have a result like this ?
    app=”SSL” appid=15895 total-sessions=59 bps=404657 bytes=404657
    app=”HTTP.BROWSER” appid=15893 total-sessions=50 bps=45220 bytes=45220
    app=”HTTP.BROWSER_Firefox” appid=34050 total-sessions=2 bps=4737 bytes=4737


  2. Is this command diagnose stats applicable to fortigate model 80e?