sk63560 - How to run complete VPN debug on Security Gateway to troubleshoot VPN issues? gives:

Enable VPND and IKE debug:

[Expert@HostName]# vpn debug trunc
[Expert@HostName]# vpn debug on TDERROR_ALL_ALL=5

---

Stop VPND and IKE debug:

[Expert@HostName]# vpn debug off
[Expert@HostName]# vpn debug ikeoff

So would I be right to assume that vpn debug off TDERROR_ALL_ALL=0 is "discontinued" and that vpn debug off is to be used? sk89940 also refers to vpn debug off TDERROR_ALL_ALL=0 so unless my syntax is wrong or I'm missing a hotfix the documentation should be updated?

Anytime you invoke a debug command like this with TDERROR_ALL_ALL=5, you should always include TDERROR_ALL_ALL=0 when you turn it back off.  Failure to do so seems to still leave some extra debugging enabled, have noticed this effect with fwm in particular.

That's what I thought but it obviously didn't work for me so I was wondering whether I was doing something wrong or whether the said way of turning vpn debugging off is discontinued.

In your original post you said you were using "vpn debug off TDERROR_ALL_ALL=5" which is incorrect.  The SK you reference uses "vpn debug off TDERROR_ALL_ALL=0" which is correct.  Even after running this latter command, there will still be some slight debugging dumped into $FWDIR/log/vpnd.elg by default, even if debug has been properly disabled.

I think I mistyped the original question which I will rectify now but if you look at the screenshot attached you can see what I mean.