
Fortigate vDOM backup failing

Open LoveSkylark opened this issue 10 months ago • 1 comments

I'm attempting to back up my FortiGate Firewalls, but I'm encountering the following error:

W, [2024-07-05T11:01:20.253418 #33] WARN -- : x.x.x.x raised Timeout::Error with msg "execution expired"

I can successfully back up over 100 other devices from various vendors. The configuration is large, and it takes a few minutes to scroll through the CLI when I run 'show | grep .' manually. I've seen previous discussions about similar issues and have tried those solutions.

Adjusting the timeout doesn't seem to help—it just prolongs the failure.

When using diagnostics on the FortiGate, I notice that the process stalls after entering 'config global':

SSH: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
cmd=config global
end

SSH: channel 0: rcvd adjust 131072
SSH: channel 0: request [email protected] confirm 1
SSH: channel 0: rcvd adjust 131072
SSH: channel 0: rcvd adjust 131072
SSH: channel 0: rcvd adjust 131072
SSH: channel 0: rcvd adjust 131072

So it looks like the FortiGate is not even getting a request for 'show | grep .'

Increasing the timeout just leads to more occurrences of 'SSH: channel 0: rcvd adjust 131072' before it ultimately fails.

Looking at the 'fortios.rb' code, I see that only these commands are executed:

cfg << cmd('config global') if @vdom_enabled
cfg << cmd('end') if @vdom_enabled

Interestingly, this same setup is successfully backing up configurations from a FortiGate that isn't using vDOMs.

LoveSkylark avatar Feb 28 '25 14:02 LoveSkylark

There are a few things you can do to help to find the problem.

  1. Run oxidized with input.debug: true (https://github.com/ytti/oxidized/blob/master/docs/Configuration.md#debugging) and share the output in /home/oxidized/.config/oxidized/log/<IP-Address>-<PROTOCOL>. Remove anything you don't want to share, but leave as much as possible, as the timeout probably comes from the data input.

  2. Provide a Model Simulation File (https://github.com/ytti/oxidized/blob/master/docs/DeviceSimulation.md / https://github.com/ytti/oxidized/blob/master/docs/Issues.md#sumbit-a-yaml-simulation-file). You will need the following command:

extra/device2yaml.rb user@forti -c "get system status
config global
get system ha status
get hardware status
diagnose autoupdate version
end
show | grep .
exit
" -o spec/model/data/fortios:Model_Version_vdom:simulation.yaml

robertcheramy avatar Apr 04 '25 13:04 robertcheramy
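
Step 1 above asks for the debug log with anything private removed. One way to do that mechanically is sketched below as an added example; it is not from this thread or from the Oxidized project, and the keyword list, placeholder names and sample log are assumptions constructed for illustration.

```ruby
# Added example, not part of Oxidized: scrub a debug log before attaching it to an issue.
# The keyword list and placeholder formats are assumptions; extend them for your config.
SECRET_KEYS = %w[password passwd psksecret secret key auth-pwd priv-pwd].freeze
SECRET_RE   = /^(\s*set\s+(?:#{SECRET_KEYS.join('|')})\s+).+$/
IPV4_RE     = /\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b/
PEM_BEGIN   = /-----BEGIN [A-Z ]+-----/
PEM_END     = /-----END [A-Z ]+-----/

def redact_log(text)
  ip_map = {}      # one stable placeholder per address keeps the topology readable
  in_pem = false
  kept = []
  text.each_line do |line|
    if in_pem                                   # drop key/certificate body lines
      in_pem = false if line.match?(PEM_END)
      next
    end
    if line.match?(PEM_BEGIN)
      in_pem = !line.match?(PEM_END)
      kept << line.sub(/-----BEGIN.*$/, '<PEM-REMOVED>')
      next
    end
    line = line.sub(SECRET_RE) { "#{Regexp.last_match(1)}<REDACTED>" }
    line = line.gsub(IPV4_RE) do |ip|
      octets = Regexp.last_match.captures.map(&:to_i)
      next ip if octets.any? { |o| o > 255 } || octets.first == 255  # not a host; netmasks stay
      ip_map[ip] ||= "IP-#{ip_map.size + 1}"
    end
    kept << line
  end
  kept.join
end

SAMPLE = <<~LOG   # constructed sample, not real device output
  fw01 (global) # show | grep .
  config system admin
      edit "admin"
          set password ENC SH2constructedHashValue
          set trusthost1 192.0.2.10 255.255.255.0
  config vpn certificate local
      set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  MIIconstructedBase64
  -----END ENCRYPTED PRIVATE KEY-----"
      set source-ip 192.0.2.10
LOG

puts redact_log(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Prompts and command echoes pass through unchanged, so the part of the session that matters for the timeout stays intact. Hostnames, usernames and comments are not handled; read the result before posting it.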

This issue is stale because it has been open 90 days with no activity.

github-actions[bot] avatar Jul 04 '25 02:07 github-actions[bot]