DIAGNOSE FORTIGATE HIGH CPU PROBLEM

#diagnose system top 5 10.

Use this command to display:

• up time (Run Time)

• current total processor and memory usage

• current free memory

• a list of the top most resource-intense currently running system processes and daemons, with respect to their memory (RAM) and processor (CPU) usage

The first two lines of the display indicate the up time, and the processor and memory usage. Processor and memory usages on the second line have abbreviated labels, highlighted below in bold.

Run Time: 0 days, 21 hours and 3 minutes

0U, 4S, 95I; 1035792T, 646920F

Table 10: Abbreviations for processor and memory usage
Letter	Description
U	User CPU usage (%)
S	System CPU usage (%)
I	Idle CPU usage (%)
T	Total memory (KB)
F	Free memory (KB)

The remaining lines contain the process list, which has the following columns.

Table 11: Process list columns
Column 1	Column 2	Column 3	Column 4	Column 5
Process name, such as sshd	Process ID (PID) number, such as 731	Status • S: sleeping (idle) • R: running • Z: zombie (crashed) • <: high priority • N: low priority Note: You may be able to restart a zombie process without rebooting. See reload.	CPU usage (%)	Memory usage (%)

While the command is running, you can sort the process list. By default, it is sorted by CPU usage.

• Shift + P: Sort by CPU usage.

• Shift + M: Sort by memory usage.

Process list output is printed to your CLI display until you stop it by pressing either q or Ctrl + C.

CLI# diagnose sys top

Run Time: 13 days, 13 hours and 58 minutes 0U, 0S, 98I; 123T, 25F, 32KF newcli 903 R 0.5 5.5 sshd 901 S 0.5 4.0

Where the codes displayed on the second output line mean the following:

• U is % of user space applications using CPU. In the example, 0U means 0% of the user space applications are using CPU.
• S is % of system processes (or kernel processes) using CPU. In the example, 0S means 0% of the system processes are using the CPU.
• I is % of idle CPU. In the example, 98I means the CPU is 98% idle.
• T is the total FortiOS system memory in Mb. In the example, 123T means there are 123 Mb of system memory.
• F is free memory in Mb. In the example, 25F means there is 25 Mb of free memory.
• KF is the total shared memory pages used. In the example, 32KF means the system is using 32 shared memory pages.

Each additional line of the command output displays information for each of the processes running on the FortiGate unit. For example, the third line of the output is:

newcli 903 R 0.5 5.5

Where:

• newcli is the process name. Other process names can include ipsengine, sshd, cmdbsrv, httpsd, scanunitd, and miglogd.
• 903 is the process ID. The process ID can be any number.
• R is the state that the process is running in. The process state can be: o R running. o S sleep. o Z zombie. o D disk sleep.
• 0.5 is the amount of CPU that the process is using. CPU usage can range from 0.0 for a process that is sleeping to higher values for a process that is taking a lot of CPU time.
• 5.5 is the amount of memory that the process is using. Memory usage can range from 0.1 to 5.5 and higher.

Interactive diagnose sys top commands

You can enter the following single-key commands when diagnose sys top is running.

• Press q to quit.
• Press c to sort the processes by the amount of CPU that the processes are using.
• Press m to sort the processes by the amount of memory that the processes are using.

Stopping running processes

You can use the following command to stop running processes:

diagnose sys kill

Where:

• signal can be any number but 11 is preferred because this signal sends output to the crashlog which can be used by Fortinet Support to troubleshoot problems.
• process id is the process ID listed by the diagnose sys top command.

For example, to stop the process with process ID 903, enter the following command:

diagnose sys kill 11 903

The most common command that we issue to deal with the IPS Engine running high is the following which restarts the IPS process:

# diag test application ipsmonitor 99