vpn debug

Description Instructs the VPN daemon to write debug messages to the VPN log file, $FWDIR/log/vpnd.elg. Debugging of the VPN daemon takes place according to topics and levels. A topic is a specific area on which to perform debugging; for example, if the topic is LDAP, all traffic between the VPN daemon and the LDAP server is written to the log file. Levels range from 1 to 5, where 5 means "write all debug messages".

This command makes use of TdError, a Check Point infrastructure for reporting messages and debug information. There is no fixed list of legal topics; the topics depend on the application or module being debugged.

To debug all available topics, use ALL as the debug topic.

IKE traffic can also be logged. IKE traffic is logged to $FWDIR/log/IKE.elg.

Syntax

> vpn debug <on [DEBUG_TOPIC=level] | off | ikeon | ikeoff | trunc | timeon <SECONDS> | timeoff>

> vpn debug on DEBUG_TOPIC=level | off timeon <SECONDS>] | timeoff

> vpn debug ikeon | ikeoff timeon | timeoff

> vpn debug trunc

| Parameter | Description |
|---|---|
| on | Turns on high level VPN debugging. |
| on topic=level | Turns on the specified debug topic on the specified level. Log messages associated with this topic at the specified level (or higher) are sent to $FWDIR/log/vpnd.elg. |
| off | Turns off all VPN debugging. |
| timeon \| timeoff | Number of seconds to run the debug command. |
| ikeon | Turns on IKE packet logging to $FWDIR/log/IKE.elg. |
| ikeoff | Turns off IKE logging. |
| trunc | Truncates the $FWDIR/log/IKE.elg file, switches the cyclic vpnd.elg (changes the current vpnd.elg file to vpnd0.elg and creates a new vpnd.elg), enables VPND and IKE debugging and adds a timestamp to the vpnd.elg file. |

Return Value 0 = success; failure is some other value, typically -1 or 1.

Example vpn debug on all=5 timeon 5

This writes all debugging information for all topics to the vpnd.elg file for five seconds.

Comments IKE logs are analyzed using the support utility IKEView.exe.
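
A time-boxed capture built from the subcommands documented above, as an added example that is not Check Point code: it checks each return value (0 = success), always switches debugging back off, and copies vpnd.elg and IKE.elg to a private directory. The function names, argument order and output directory are assumptions.

```shell
#!/bin/sh
# Added example (not Check Point code): time-boxed VPN debug capture.
# Function names, arguments and the output directory are assumptions.

# Switch both debug streams off; non-zero if either command failed.
vpn_debug_stop() {
    stop_rc=0
    vpn debug off || stop_rc=1
    vpn debug ikeoff || stop_rc=1
    return $stop_rc
}

# capture_vpn_debug SECONDS OUTDIR [TOPIC LEVEL]
# Returns 0 on success, 1 on bad arguments, 2 if a vpn/file step failed.
capture_vpn_debug() {
    secs=$1 outdir=$2 topic=$3 level=$4
    case $secs in ''|*[!0-9]*) echo "bad SECONDS" >&2; return 1 ;; esac
    [ -n "$FWDIR" ] && [ -n "$outdir" ] || { echo "need FWDIR, OUTDIR" >&2; return 1; }
    if [ -n "$topic" ]; then
        # Levels range from 1 to 5, where 5 writes all debug messages.
        case $level in [1-5]) ;; *) echo "LEVEL must be 1-5" >&2; return 1 ;; esac
    fi

    # From here on, make sure an interrupt cannot leave debugging enabled.
    trap 'vpn_debug_stop; exit 130' INT TERM

    # trunc empties IKE.elg, rotates vpnd.elg to vpnd0.elg and enables
    # VPND and IKE debugging, so the capture starts from fresh files.
    rc=0
    vpn debug trunc || rc=2
    if [ $rc -eq 0 ] && [ -n "$topic" ]; then
        vpn debug on "$topic=$level" || rc=2
    fi
    [ $rc -eq 0 ] && sleep "$secs"

    vpn_debug_stop || rc=2
    trap - INT TERM

    # The logs record IKE traffic and daemon internals: keep copies private.
    { mkdir -p "$outdir" && chmod 700 "$outdir"; } || return 2
    for f in vpnd.elg IKE.elg; do
        if [ -f "$FWDIR/log/$f" ]; then cp -p "$FWDIR/log/$f" "$outdir/$f" || rc=2; fi
    done
    return $rc
}
```

Called as `capture_vpn_debug 60 /var/tmp/vpn-capture ALL 5`, it leaves debugging off afterwards whether or not the capture succeeded.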