This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Timothy_Hall
MVP Gold
MVP Gold
‎2019-02-12 02:16 PM

In general there are two primary areas of debugging: Process Space and Kernel Space.  An SMS will only have debugs available in Process Space, while a gateway can have debugging active in Kernel Space and/or Process Space.  Kernel Space debugs are far more likely to cause gateway performance or stability effects if they get into a runaway state.

For kernel debugs you can see what debug flags are currently set with these commands: 

fw ctl debug

sim dbg list (R80.20+ - fwaccel dbg list)

To reset kernel debugs to default:

fw ctl debug 0

sim dbg resetall (R80.20+ - fwaccel dbg resetall)

Note: for SecureXL debugs (sim/fwaccel) it is extremely important to set a very specific filter with the -f option or the chances of cratering the system with a runaway debug are very high.

Because there are so many different tools and techniques for initiating Process Space debugs, figuring out if one is active is much more difficult.  Probably the best approach would be to run these commands and look for *.elg files rapidly increasing in size where the process debug files are typically written, and whether they are quickly being rotated (i.e. fwd.elg, fwd.elg.1, fwd.elg.2):

watch ls -ltr $FWDIR/log/*.elg

watch ls -ltr $CPDIR/log/*.elg

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

View solution in original post

(1)
Who rated this post