Zdebug drop script

the_rock

This script does exact same thing as if you were to run the actual command itself, but, PLEASE be careful, because this one does generic debug, not grep for any IP address. dos2unix and chmod 777 required to run it. MAKE SURE to run fw ctl debug 0 afterwards to turn the debugs off.

See the output from my lab fw:

[Expert@CP-GW:0]# ./cp_watch_drops.sh
Defaulting all kernel debugging options, may take a while
Debug state was reset to default.
PPAK 0: Get before set operation succeeded of simple_debug_filter_off
Initialized kernel debugging buffer to size 1023K
Updated debug variable for module fw
Kernel debugging buffer size: 1023KB
HOST:
Module: kiss
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: kissflow
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: fw
Enabled Kernel debugging options: drop
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: h323
Enabled Kernel debugging options: error
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: cpcode
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: upconv
Enabled Kernel debugging options: error warning info
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: WS_SIP
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: crypto
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: multik
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: PSL
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: CPAS
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: UDP_IS
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: seqvalid
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: synatk
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: MUX
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: CPSSH
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: fg
Enabled Kernel debugging options: error
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: UC
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: dlpk
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: dlpuk
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: SDWAN
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: cpconntim
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: gtp
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: VPN
Enabled Kernel debugging options: err
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
HOST:
Module: WSIS
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: UPIS
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: cmi_loader
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: NRB
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: SGEN
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: RAD_KERNEL
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: WS
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: APPI
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: UP
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: MALWARE
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: UCA
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: CI
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: SFT
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: ICAP_CLIENT
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: FILEAPP
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: dlpda
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: FILE_SECURITY
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: TPUTILS
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: ZPH
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: DOMO
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: SDWANRB
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: IDAPI
Enabled Kernel debugging options: None

-----------------------------------------------------
HOST:
Module: RTM
Enabled Kernel debugging options: err
Messaging threshold set to type=Info freq=Common

-----------------------------------------------------
SecureXL Debug Flags

Module: default (0)

Module: db (0)

Module: api (0)

Module: pkt (0)

Module: infras (0)

Module: tmpl (0)

Module: vpn (0)

Module: nac (0)

Module: cpaq (0)

Module: synatk (0)

Module: adp (0)

Module: dos (0)

Module: gtp (0)

Module: sdwan (0)

Module: usdisp (0)

Module: exl (0)

Module: dpdk_lib (0)

Module: dpdk_pmd (0)

Module: dpdk_other (0)

-----------------------------------------------------
VPN Simple Debug Filter Not Activated
-----------------------------------------------------
Simple Debug Filter Not Activated
-----------------------------------------------------
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;0.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start
@;1.0;kiss_debug_report: start

^C
Next time perform for exit: "fw ctl debug 0"

Defaulting all kernel debugging options, may take a while
Debug state was reset to default.
PPAK 0: Get before set operation succeeded of simple_debug_filter_off
[Expert@CP-GW:0]#
[Expert@CP-GW:0]#
[Expert@CP-GW:0]#
[Expert@CP-GW:0]#
[Expert@CP-GW:0]#
[Expert@CP-GW:0]#
[Expert@CP-GW:0]#
[Expert@CP-GW:0]#
[Expert@CP-GW:0]# fw ctl debug 0
Defaulting all kernel debugging options, may take a while
Debug state was reset to default.
PPAK 0: Get before set operation succeeded of simple_debug_filter_off
[Expert@CP-GW:0]#

Best,
Andy

Timothy_Hall

You may want to add a "+" to the command like this: fw ctl zdebug + drop. Without the +, drops that occur on the SND cores will not appear; only drops on the Firewall Workers (mainly from rules being hit with a Drop action) will appear. Drops almost always happen on the Firewall Worker cores. Packet drops in the Check Point SecureXL code on SND cores are rare but can occur when DoS protections, such as the SecureXL Penalty Box or Drop Templates, are configured.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

the_rock

Thanks Tim.

Best,
Andy

Filters

Sort By

Categories

Zdebug drop script

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.