Solved

Juniper debug settings

Posted on 2010-09-21
7
1,757 Views
Last Modified: 2012-05-10
Hi,

I need to get some debug logs from a netscreen firewall.
Now this in itself is not really a problem.
However, whenever I set the debug options I want:
debug flow basic
debug ike detail

and I type get debug, I can see both these things are being logged.
But this will only keep logging until the CLI gets disconnected.
If I log back in and type "get debug" nothing is being logged.

Is there a command to ensure it keep logging these things even after you log out of the command line interface?

Thanks,
UM
0
Comment
Question by:umeex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 10

Expert Comment

by:ujitnos
ID: 33731536
0
 

Author Comment

by:umeex
ID: 33731668
Thanks for this.
The document is actually very useful, but it still does not really help me solve the initial problem.
When I set the debugging options, the system only debugs until the CLI sessin gets terminated.
Is there any way to ensure the debugging just keeps going until I manually stop it or the buffer fills up?
Even if I need to terminate the CLI session?
0
 
LVL 10

Expert Comment

by:ujitnos
ID: 33731790
Try "snoop", a kind of debug tool within Netscreen
http://kb.juniper.net/KB5411 
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 78

Accepted Solution

by:
arnold earned 125 total points
ID: 33731850
What is the point of running a debug session if you are not there to monitor it?

What you might be looking for is to increase the verbosity of data loged.  You should look at the logging settings on the netscreen. note that this could add to the load.
If you have your netscreen configured with syslog or snmptraps, that is the approach you might want to take.

http://mail.adeptech.com/pipermail/sidewinder/2009-February/002667.html
Check the IKE/RULE policy and check the audit level
Policy --> Rule Elements --> Services --> isakmp
etc.
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 125 total points
ID: 33898094
Arnold is absolutely right. Loosing the debug switches on logout is a feature, because it shall prevent from accidently keeping debugging on when leaving an admin session. Debug switches only make sense when you are there to analyze them near real-time, and usually they are very demanding for the device, so you won't let that run too long.

Snoop might really be an alternative for a longer term, since it can use the buffer circularly, and so you have a descent time slot, with a detail level (by setting the capture size of each packet). Snoop'd packets can be transferred to your PC, and converted for analyzing via WireShark (or any PCap compatible analyzer).

Syslog and SNMPTraps are the way you monitor for long-term.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34203769
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Live is the evolution of Q&A. Get your technology problems solved instantly by connecting with technology experts instantly. Pair programming has never been easier.
Whether you believe the “gig economy,” as it has been dubbed, is the next big economic paradigm shift (https://www.theguardian.com/commentisfree/2015/jul/26/will-we-get-by-gig-economy) or an overstated trend (http://www.wsj.com/articles/proof-of-a-g…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question