Secure the GenAI Revolution!
The All-New GenAI Security from Check Point
Transform Your Data Center Management:
The Power of Check Point's MFaaS
Forwarding Events to 3rd-party SIEM
Help us with the Short-Term Roadmap
Mastering Endpoint Security -
Best Practices for 2024
CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!
CheckMates Go:
Paradigm Shift in Cloud Security
In general there are two primary areas of debugging: Process Space and Kernel Space. An SMS will only have debugs available in Process Space, while a gateway can have debugging active in Kernel Space and/or Process Space. Kernel Space debugs are far more likely to cause gateway performance or stability effects if they get into a runaway state.
For kernel debugs you can see what debug flags are currently set with these commands:
fw ctl debug
sim dbg list (R80.20+ - fwaccel dbg list)
To reset kernel debugs to default:
fw ctl debug 0
sim dbg resetall (R80.20+ - fwaccel dbg resetall)
Note: for SecureXL debugs (sim/fwaccel) it is extremely important to set a very specific filter with the -f option or the chances of cratering the system with a runaway debug are very high.
Because there are so many different tools and techniques for initiating Process Space debugs, figuring out if one is active is much more difficult. Probably the best approach would be to run these commands and look for *.elg files rapidly increasing in size where the process debug files are typically written, and whether they are quickly being rotated (i.e. fwd.elg, fwd.elg.1, fwd.elg.2):
watch ls -ltr $FWDIR/log/*.elg
watch ls -ltr $CPDIR/log/*.elg
--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
