This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kamilazat
Advisor
‎2025-01-16 02:40 AM
Jump to solution

What is ASYNC_TRACE_LOG?

Hello everyone!

For troubleshooting DynamicID problems, TAC provided us with vpn debug instructions as usual. Everything is mostly clear, but there was this step:

[Expert@HostName]# export ASYNC_TRACE_LOG=1

I tried to look it up to understand what logs it exports, or what ASYNC there refers to, but searches didn't return anything.

I want to associate it with the word 'asynchronous' but can't really imagine what's being asynchronous.

All illuminations are more than welcome.

Cheers!

1 Solution

Accepted Solutions
kamilazat
Advisor
3 weeks ago
Jump to solution

@the_rock @PhoneBoy Here's the answer I got from TAC. Seems pretty explanatory.

The command export ASYNC_TRACE_LOG=1 is used to enable asynchronous trace logging for DynamicID communication on a Check Point gateway. This is particularly useful for debugging issues related to DynamicID, where standard traffic captures are not effective due to HTTPS/SSL encryption.

Context and Usage

When dealing with DynamicID issues, it is often necessary to understand the communication between the gateway and an SMS provider. The export ASYNC_TRACE_LOG=1 command enables detailed trace logging for this communication, allowing administrators to capture and analyze the relevant logs.

In the context of the export ASYNC_TRACE_LOG=1 command, "asynchronous" refers to the method of logging where the trace logs are collected and written to the log files in a non-blocking manner. This means that the logging process does not interfere with the main operations of the system, allowing the system to continue functioning normally while the logs are being collected.

Key Points of Asynchronous Logging

Non-Blocking Operation:

Asynchronous logging ensures that the logging process does not block or delay the main operations of the system. This is crucial for maintaining the performance and responsiveness of the system, especially under high load conditions.

Parallel Processing:

The logging process runs in parallel with the main operations, allowing logs to be collected and written to the log files without interrupting the primary tasks of the system.

Efficiency:

Asynchronous logging is generally more efficient than synchronous logging because it minimizes the impact on system performance. The main operations do not have to wait for the logging process to complete before continuing.

Trace Logs for DynamicID:

In the specific case of the export ASYNC_TRACE_LOG=1 command, asynchronous logging is used to collect detailed trace logs for DynamicID communication. This is particularly useful for debugging issues related to DynamicID, where standard traffic captures are not effective due to HTTPS/SSL encryption.


How It Works

When you enable asynchronous trace logging with the export ASYNC_TRACE_LOG=1 command, the system starts collecting trace logs for DynamicID communication in an asynchronous manner. These logs are then written to the specified log directory without blocking the main operations of the system.

 

Example Usage

Enable Asynchronous Trace Logging:

export ASYNC_TRACE_LOG=1
cprestart

Log Location:

The trace logs will be generated in the following directory:
$CPDIR/log/username.#####.#####.######.#####

Disable Asynchronous Trace Logging:

export ASYNC_TRACE_LOG=0
cprestart

By using asynchronous trace logging, administrators can collect detailed logs for troubleshooting and debugging without significantly impacting the performance of the system.

View solution in original post

(1)
14 Replies
PhoneBoy
Admin
Admin
‎2025-01-16 07:52 AM
Jump to solution

I see a reference to this environment variable in an internal SK, but, unfortunately, not a lot of details about what it captures except it's relevant to capturing DynamicID-related logs. 

0 Kudos
kamilazat
Advisor
3 weeks ago
In response to PhoneBoy
Jump to solution

There really seems to be nothing about it. Can it be the logs from the processes that are not directly related to VPN? Like maybe additional Nat-T or other traffic logs, or logs from 'surrounding' related processes?

0 Kudos
PhoneBoy
Admin
Admin
3 weeks ago
In response to kamilazat
Jump to solution

Usually when you're setting an environment variable as part of a debug procedure, it's meant to impact specific userspace processes.
The only thing the internal SK says is that it is related to DynamicID specifically, revealing the communication stream between the gateway and the SMS provider.
You can see what it collects in log files here: $CPDIR/log/username.#####.#####.######.##### 

0 Kudos
the_rock
Legend
Legend
3 weeks ago
In response to kamilazat
Jump to solution

Did you ask TAC about it?

Andy

0 Kudos
kamilazat
Advisor
3 weeks ago
In response to the_rock
Jump to solution

I will definitely ask it next time as the ticket is already closed. TAC doesn't waste time there 🙂

the_rock
Legend
Legend
3 weeks ago
In response to kamilazat
Jump to solution

K, fair enough 🙂

0 Kudos
the_rock
Legend
Legend
3 weeks ago
In response to kamilazat
Jump to solution

For what its worth, here is chatgpt answer 🙂

Andy

*********************

What is ASYNC_TRACE_LOG?
ChatGPT said:
ChatGPT

ASYNC_TRACE_LOG is not a widely recognized or standardized term, but it likely refers to an asynchronous logging mechanism used for tracing events in a software system.

Possible Meanings:

  1. Asynchronous Tracing Log (General Concept)

    • In many applications, especially high-performance or multi-threaded systems, logging asynchronously helps reduce performance overhead.
    • It may be used in debugging or monitoring to track events occurring asynchronously in an application.

  2. Specific to a Framework or Library

    • Some frameworks or programming languages might have an ASYNC_TRACE_LOG feature. For example:
      • C++/Python/JavaScript: Could be part of a custom logging framework.
      • Game engines (Unity, Unreal Engine, etc.): Might refer to an internal debugging tool.
      • Operating Systems (Linux, Windows): Some tracing mechanisms (e.g., ftrace, ETW) could use similar terminology.

  3. Google Chrome/Tracing Logs

    • If related to Chrome Developer Tools, TRACE_LOG is used to capture debugging events, including async operations.

Would you like me to check if ASYNC_TRACE_LOG is part of a specific framework or technology you're using?

0 Kudos
kamilazat
Advisor
3 weeks ago
In response to the_rock
Jump to solution

Haha I love the way you also pasted the question 🙂

I also asked Claude and it said "The "ASYNC" in the name refers to asynchronous operations - events that don't happen in a strictly sequential order but rather in parallel or at different times."

Do you think I can open a technical SR only for this question?

the_rock
Legend
Legend
3 weeks ago
In response to kamilazat
Jump to solution

Does not hurt to ask 🙂

0 Kudos
the_rock
Legend
Legend
‎2025-01-16 06:34 PM
Jump to solution

This is an answer from Copilot AI...I also learned something new, never seen this before.

Andy

********************

TheASYNC_TRACE_LOGis a feature used in Check Point systems to enable asynchronous tracing of log messages. This feature is particularly useful for debugging and monitoring purposes, as it allows the system to log trace messages asynchronously, which can help in identifying and resolving issues without significantly impacting the performance of the system.

0 Kudos
PhoneBoy
Admin
Admin
‎2025-01-17 06:54 AM
In response to the_rock
Jump to solution

As there is no public documentation on this environment variable, that might be a hallucination. 🙂

0 Kudos
the_rock
Legend
Legend
‎2025-01-17 06:54 AM
In response to PhoneBoy
Jump to solution

haha, maybe 🙂

0 Kudos
kamilazat
Advisor
3 weeks ago
Jump to solution

@the_rock @PhoneBoy Here's the answer I got from TAC. Seems pretty explanatory.

The command export ASYNC_TRACE_LOG=1 is used to enable asynchronous trace logging for DynamicID communication on a Check Point gateway. This is particularly useful for debugging issues related to DynamicID, where standard traffic captures are not effective due to HTTPS/SSL encryption.

Context and Usage

When dealing with DynamicID issues, it is often necessary to understand the communication between the gateway and an SMS provider. The export ASYNC_TRACE_LOG=1 command enables detailed trace logging for this communication, allowing administrators to capture and analyze the relevant logs.

In the context of the export ASYNC_TRACE_LOG=1 command, "asynchronous" refers to the method of logging where the trace logs are collected and written to the log files in a non-blocking manner. This means that the logging process does not interfere with the main operations of the system, allowing the system to continue functioning normally while the logs are being collected.

Key Points of Asynchronous Logging

Non-Blocking Operation:

Asynchronous logging ensures that the logging process does not block or delay the main operations of the system. This is crucial for maintaining the performance and responsiveness of the system, especially under high load conditions.

Parallel Processing:

The logging process runs in parallel with the main operations, allowing logs to be collected and written to the log files without interrupting the primary tasks of the system.

Efficiency:

Asynchronous logging is generally more efficient than synchronous logging because it minimizes the impact on system performance. The main operations do not have to wait for the logging process to complete before continuing.

Trace Logs for DynamicID:

In the specific case of the export ASYNC_TRACE_LOG=1 command, asynchronous logging is used to collect detailed trace logs for DynamicID communication. This is particularly useful for debugging issues related to DynamicID, where standard traffic captures are not effective due to HTTPS/SSL encryption.


How It Works

When you enable asynchronous trace logging with the export ASYNC_TRACE_LOG=1 command, the system starts collecting trace logs for DynamicID communication in an asynchronous manner. These logs are then written to the specified log directory without blocking the main operations of the system.

 

Example Usage

Enable Asynchronous Trace Logging:

export ASYNC_TRACE_LOG=1
cprestart

Log Location:

The trace logs will be generated in the following directory:
$CPDIR/log/username.#####.#####.######.#####

Disable Asynchronous Trace Logging:

export ASYNC_TRACE_LOG=0
cprestart

By using asynchronous trace logging, administrators can collect detailed logs for troubleshooting and debugging without significantly impacting the performance of the system.

(1)
the_rock
Legend
Legend
3 weeks ago
In response to kamilazat
Jump to solution

Excellent!!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events