Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Juniper debug settings

Posted on 2010-09-21
7
Medium Priority
?
1,771 Views
Last Modified: 2012-05-10
Hi,

I need to get some debug logs from a netscreen firewall.
Now this in itself is not really a problem.
However, whenever I set the debug options I want:
debug flow basic
debug ike detail

and I type get debug, I can see both these things are being logged.
But this will only keep logging until the CLI gets disconnected.
If I log back in and type "get debug" nothing is being logged.

Is there a command to ensure it keep logging these things even after you log out of the command line interface?

Thanks,
UM
0
Comment
Question by:umeex
6 Comments
 
LVL 10

Expert Comment

by:ujitnos
ID: 33731536
0
 

Author Comment

by:umeex
ID: 33731668
Thanks for this.
The document is actually very useful, but it still does not really help me solve the initial problem.
When I set the debugging options, the system only debugs until the CLI sessin gets terminated.
Is there any way to ensure the debugging just keeps going until I manually stop it or the buffer fills up?
Even if I need to terminate the CLI session?
0
 
LVL 10

Expert Comment

by:ujitnos
ID: 33731790
Try "snoop", a kind of debug tool within Netscreen
http://kb.juniper.net/KB5411 
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 80

Accepted Solution

by:
arnold earned 500 total points
ID: 33731850
What is the point of running a debug session if you are not there to monitor it?

What you might be looking for is to increase the verbosity of data loged.  You should look at the logging settings on the netscreen. note that this could add to the load.
If you have your netscreen configured with syslog or snmptraps, that is the approach you might want to take.

http://mail.adeptech.com/pipermail/sidewinder/2009-February/002667.html
Check the IKE/RULE policy and check the audit level
Policy --> Rule Elements --> Services --> isakmp
etc.
0
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 33898094
Arnold is absolutely right. Loosing the debug switches on logout is a feature, because it shall prevent from accidently keeping debugging on when leaving an admin session. Debug switches only make sense when you are there to analyze them near real-time, and usually they are very demanding for the device, so you won't let that run too long.

Snoop might really be an alternative for a longer term, since it can use the buffer circularly, and so you have a descent time slot, with a detail level (by setting the capture size of each packet). Snoop'd packets can be transferred to your PC, and converted for analyzing via WireShark (or any PCap compatible analyzer).

Syslog and SNMPTraps are the way you monitor for long-term.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 34203769
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the shift in today’s hiring climate (http://blog.experts-exchange.com/ee-blog/5-tips-on-succeeding-in-the-new-gig-economy/?cid=Blog_031816), many companies are choosing to hire freelancers to get projects completed efficiently and inexpensively…
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Loops Section Overview
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month21 days, 7 hours left to enroll

804 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question