Kernel Debug Procedure

Important - In cluster, perform these steps on all the Cluster Members in the same way.

Step	Description
1	Connect to the command line on the Security Gateway.
2	Log in to the Expert mode.
3	Reset the kernel debug options: `fw ctl debug 0`
4	Reset the kernel debug filters: `fw ctl set int simple_debug_filter_off 1`
5	Configure the applicable kernel debug filters.
6	Allocate the kernel debug buffer for every CoreXL FW instance: `fw ctl debug -buf 8200`
7	Make sure the kernel debug buffer was allocated: `fw ctl debug \| grep buffer`
8	Enable the applicable debug flags in the applicable kernel modules: `fw ctl debug -m <`module`> {all \| + <`flags`>}`
9	Examine the list of the debug flags that are enabled in the specified kernel modules: `fw ctl debug -m <`module`>`
10	Start the kernel debug: `fw ctl kdebug -T -f > /var/log/kernel_debug.txt`
11	Replicate the issue, or wait for the issue to occur.
12	Stop the kernel debug: Press CTRL+C
13	Reset the kernel debug options: `fw ctl debug 0`
14	Reset the kernel debug filters: `fw ctl set int simple_debug_filter_off 1`
15	Analyze the debug output file: On a Host Security Appliance without Falcon Acceleration Cards: `/var/log/kernel_debug.txt` On a Host Security Appliance with the installed Falcon Acceleration Cards: `/var/log/kernel_debug_unified.txt`

Example - Connection 192.168.20.30:<Any> --> 172.16.40.50:80

[Expert@GW:0]# fw ctl debug 0

Defaulting all kernel debugging options

Debug state was reset to default.

[Expert@GW:0]#

[Expert@GW:0]# fw ctl set int simple_debug_filter_off 1

[Expert@GW:0]#

[Expert@GW:0]# fw ctl set str simple_debug_filter_saddr_1 "192.168.20.30"

[Expert@GW:0]#

[Expert@GW:0]# fw ctl set str simple_debug_filter_daddr_2 "192.168.20.40"

[Expert@GW:0]#

[Expert@GW:0]# fw ctl set int simple_debug_filter_dport_1 80

[Expert@GW:0]#

[Expert@GW:0]# fw ctl debug -buf 8200

Initialized kernel debugging buffer to size 8192K

[Expert@GW:0]#

[Expert@GW:0]# fw ctl debug | grep buffer

Kernel debugging buffer size: 8192KB

[Expert@GW:0]#

[Expert@GW:0]# fw ctl debug -m fw + conn drop

Updated kernel's debug variable for module fw

Debug flags updated.

[Expert@GW:0]#

[Expert@GW:0]# fw ctl debug -m fw

Kernel debugging buffer size: 8192KB

Module: fw

Enabled Kernel debugging options: error warning conn drop

Messaging threshold set to type=Info freq=Common

[Expert@GW:0]#

[Expert@GW:0]# fw ctl kdebug -T -f > /var/log/kernel_debug.txt

... ... Replicate the issue, or wait for the issue to occur ... ...

...

... ... Press CTRL+C ... ...

[Expert@GW:0]#

[Expert@GW:0]# fw ctl debug 0

Defaulting all kernel debugging options

Debug state was reset to default.

[Expert@GW:0]#

[Expert@GW:0]# fw ctl set int simple_debug_filter_off 1

[Expert@GW:0]#

[Expert@GW:0]# ls -l /var/log/kernel_debug.txt

-rw-rw---- 1 admin root 1630619 Apr 12 19:49 /var/log/kernel_debug.txt

[Expert@GW:0]#