diff --git a/cheat-sheets/Fortianalyzer-debug-cheat-sheet.adoc b/cheat-sheets/Fortianalyzer-debug-cheat-sheet.adoc index 5496104..bc34699 100755 --- a/cheat-sheets/Fortianalyzer-debug-cheat-sheet.adoc +++ b/cheat-sheets/Fortianalyzer-debug-cheat-sheet.adoc @@ -59,7 +59,19 @@ |*dia dvm check-integrity* |Check objects db integrity. +|*diagnose sql show db-size* +|Show SQL database size, when DB is online and accessible will show non 0 size. +|*diagnose sql process list* +|Connect to the SQ DB and query for its process properties. If the output is empty or +error - means DB is not running/not available. + +|*diag debug application sqlplugind 8* +|Enable debug to see if Postgres is running, when it is the output will include something +like "DEBUG: sqlplugind(28137):pgsvr_main.c:132: postgres is running..." + +|*diag debug klog* +|Read kernel messages buffer with Syslog-based severity levels. |=== @@ -69,6 +81,9 @@ |Command |Description +|*exec log fortianalyzer test-connectivity* +|Run on Fortigate, tests connectivity to FAZ in real-time + |*diagnose system print netstat* |Show established connections to the Fortianalyzer, as well as listening ports. Every logging device can (and usually does) have multiple connections established. @@ -93,6 +108,18 @@ |*diagnose sniffer packet any "port 514"* |Sniff all packets to/from port 514 used by Fortianalyzer to receive logs from remote devices. +|*diagnose fmnetwork arp list* +|Show ARP table of the FAZ + +|*diagnose fmnetwork interface list* +|Show FAZ interfaces with errors, MTU, IP address, analog of ipconfig in Linux. + +|*diag test app fortilogd 99* +|Restart the daemon responsible for accepting logs from devices + +|*diag test app sqllogd 99* +|Restart daemon responsible for inserting logs into SQL db. + |=== 
@@ -175,9 +202,35 @@ VM FAZ. |Show report on Virtual Machine license: whether valid or not, type, licensed storage volume, licensed log receive rate, licensed maximum device count. |*dia license list* -|List all applied lcienses on this FAZ. +|List all applied licenses on this FAZ. + +|*get system loglimits* +|Show system limits in accepting logs |=== +== Rebuilding Database +[cols=2, options="header"] +|=== +|Command +|Description +|*execute sql-local rebuild-db* +|Start rebuilding the database, will cause FAZ reboot + +|*execute sql-local rebuild-adom * +|Rebuild db of a specific ADOM, does not cause FAZ reboot. + +|*diag sql status rebuild-db* +|Get real-time status of rebuilding. On completion will output "Rebuilding all database +accomplished on". + +|*diagnose sql remove rebuild-db-flag* +|Stop the rebuilding. In case it takes too long/stucks the process. + +|*config sys sql / set start-time 00:00 2000/01/01* +|Change how much data to include in new rebuilt database, following with `exe sql-local +rebuild-db` + +|=== diff --git a/cheat-sheets/nslookup-commands-cheat-sheet.adoc b/cheat-sheets/nslookup-commands-cheat-sheet.adoc index f9a534e..8698986 100644 --- a/cheat-sheets/nslookup-commands-cheat-sheet.adoc +++ b/cheat-sheets/nslookup-commands-cheat-sheet.adoc @@ -2,6 +2,7 @@ :homepage: https://github.com/yuriskinfo/cheat-sheets :toc: +Author: Yuri Slobodyanyuk, https://yurisk.info NOTE: All the commands below are for the Interactive mode. 
@@ -17,8 +18,11 @@ NOTE: All the commands below are for the Interactive mode. |*set all* |Show current settings for the session, useful to show what the `nslookup` is actually going to do on the next query. +|*set norecurse* +|Disable recursive querying. Useful when checking if a specific DNS can answer the query without recursively asking other DNS servers. Use `set recurse` to enable it back. + |*set ty=_Record-type-to-query-for_* -|Sets the record `type` you want to query. E.g. `set ty=MX` - all following queries will ask for MX record only, until changed again with `set ty=...`. Available types A, AAAA, MX, TXT, SOA, CNAME, etc. as per DNS protocol. +|Sets the record `type` you want to query. E.g. `set ty=MX` - all following queries will ask for MX record only, until changed again with `set ty=...`. Available types A, AAAA, ANY, MX, TXT, SOA, CNAME, etc. as per DNS protocol. The default type, if not set otherwise is A/AAAA. |*_domain_* |Query the domain _domain_ for the value of the record type set previously via `set ty=...` or A record by default. @@ -35,6 +39,9 @@ Address: 8.8.8.8#53 |*set debug/nodebug* |Enable verbose output of what the `nslookup` is actually doing (*debug*), or disable *nodebug* (default). Shows what server is being queried, additional records, whether the server is authoritative or not. +|*set no* +|Unset any option you previously set. E.g. to disable recursive query: `set norecurse`. There is no space between the "no" and the option name. Use `set
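Review bot: the `diag debug application sqlplugind 8` row in the Fortianalyzer hunk `@@ -59,7 +59,19 @@` says how to enable the debug but not how to turn it off again, so a reader following the sheet leaves debug output running. Add a short "disable afterwards" remark to the description. In the same hunk, "Connect to the SQ DB" should read "SQL DB", and the `diagnose sql process list` row starts directly after the `db-size` description without the blank separator line the other rows use.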
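Review bot: the `exec log fortianalyzer test-connectivity` row in hunk `@@ -69,6 +81,9 @@` is the only command in this table that is run on a different device, and that fact is only in the description ("Run on Fortigate"). Mark it in the command cell as well, or move it to a separate "on the FortiGate side" table, so it is not pasted into the FAZ CLI by mistake. The description also lacks the closing period the neighbouring rows have.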
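Review bot: "analog of ipconfig in Linux" in the `diagnose fmnetwork interface list` row of hunk `@@ -93,6 +108,18 @@` names the Windows tool; the Linux counterpart is `ifconfig`. The two `diag test app ... 99` rows describe a restart of the daemons that accept logs and insert them into the SQL db, so it is worth stating in the description what happens to log reception and insertion while the daemon restarts.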
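Review bot: the `*execute sql-local rebuild-adom *` row in hunk `@@ -175,9 +202,35 @@` has no argument, only a trailing space before the closing asterisk, although the description says it rebuilds "a specific ADOM". Add an italic placeholder for the ADOM name, in the style the nslookup sheet uses for `set ty=_..._`. In the same table, "In case it takes too long/stucks the process" needs rewording (for example "if the process takes too long or gets stuck"), the first row starts right after `|Description` without a blank line, and since `rebuild-db` "will cause FAZ reboot" that warning deserves more emphasis than the tail of a description.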
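Review bot: the added `Author: Yuri Slobodyanyuk, https://yurisk.info` line in the nslookup hunk `@@ -2,6 +2,7 @@` is plain body text placed after `:toc:`, so it is not picked up as document metadata, and if no blank line separates it from the following `NOTE:` line the two merge into one paragraph and the admonition is lost. Prefer an `:author:` attribute next to `:homepage:` in the header, or at least keep a blank line on both sides of it.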
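Review bot: the new sentence "The default type, if not set otherwise is A/AAAA." in hunk `@@ -17,8 +18,11 @@` disagrees with the unchanged row right below it, which says "or A record by default". Pick one wording and use it in both rows; the sentence also needs a comma after "otherwise". In the `set norecurse` row, "a specific DNS" would read better as "a specific DNS server".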
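Review bot: the command cell `*set no*` in hunk `@@ -35,6 +39,9 @@` shows no option name, unlike `set ty=_Record-type-to-query-for_`, which uses an italic placeholder; as written it reads like a complete command. Add a placeholder for the option. The example given, `set norecurse`, already has its own row added by this same patch, so a different option (for instance `nodebug`, which the row above mentions) would illustrate the general form better.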