This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Nick_Doropoulos
Advisor
‎2019-03-26 03:19 AM

vpn debug off TDERROR_ALL_ALL=0

I recently noticed that when trying to turn off vpn debug off TDERROR_ALL_ALL=0 it doesn't really work (see screenshot attached).

 

The gateway is R80.10 and sks such as sk84561 definitely recommend the tried syntax. 

 

Has anybody seen this before?

 

Thanks.

 

 

Preview file
14 KB
0 Kudos
Reply
6 Replies
G_W_Albrecht
Champion
Champion
‎2019-03-26 03:33 AM

sk63560 - How to run complete VPN debug on Security Gateway to troubleshoot VPN issues? gives:

Enable VPND and IKE debug:

[Expert@HostName]# vpn debug trunc
[Expert@HostName]# vpn debug on TDERROR_ALL_ALL=5

---

Stop VPND and IKE debug:

[Expert@HostName]# vpn debug off
[Expert@HostName]# vpn debug ikeoff

0 Kudos
Reply
Nick_Doropoulos
Advisor
‎2019-03-26 03:41 AM
In response to G_W_Albrecht

So would I be right to assume that vpn debug off TDERROR_ALL_ALL=0 is "discontinued" and that vpn debug off is to be used? sk89940 also refers to vpn debug off TDERROR_ALL_ALL=0 so unless my syntax is wrong or I'm missing a hotfix the documentation should be updated?

0 Kudos
Reply
Timothy_Hall
Champion
Champion
‎2019-03-26 04:31 AM

Anytime you invoke a debug command like this with TDERROR_ALL_ALL=5, you should always include TDERROR_ALL_ALL=0 when you turn it back off.  Failure to do so seems to still leave some extra debugging enabled, have noticed this effect with fwm in particular.

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply
Nick_Doropoulos
Advisor
‎2019-03-26 04:34 AM
In response to Timothy_Hall

That's what I thought but it obviously didn't work for me so I was wondering whether I was doing something wrong or whether the said way of turning vpn debugging off is discontinued.

0 Kudos
Reply
Timothy_Hall
Champion
Champion
‎2019-03-26 04:40 AM
In response to Nick_Doropoulos

In your original post you said you were using "vpn debug off TDERROR_ALL_ALL=5" which is incorrect.  The SK you reference uses "vpn debug off TDERROR_ALL_ALL=0" which is correct.  Even after running this latter command, there will still be some slight debugging dumped into $FWDIR/log/vpnd.elg by default, even if debug has been properly disabled.

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply
Nick_Doropoulos
Advisor
‎2019-03-26 04:43 AM
In response to Timothy_Hall

I think I mistyped the original question which I will rectify now but if you look at the screenshot attached you can see what I mean.

0 Kudos
Reply