Junos OS

last person joined: 7 days ago 

Ask questions and share experiences about Junos OS.

  • 1.  /var/log/kmd Message Documentation

    Posted 07-27-2009 08:37
    I haven't been able to find documentation on the types of log messages (and their meaning) that would be found in the /var/log/kmd log file.  For example using IPSec on an m7i router with an adaptive services module and using the traceoptions option in the services ipsec configuration.  Is there a place where the messages are documented?


  • 2.  RE: /var/log/kmd Message Documentation

    Posted 07-27-2009 10:19

    Does this help?:

     

    http://www.juniper.net/techpubs/en_US/junos9.5/information-products/topic-collections/syslog-messages/jd0e23141.html

     

    If you are seeing structured messages (words seperated by underscores like: 

    KMD_CFG_IF_ID_POOL_NO_ENTRY

    you can try just entering those in the Juniper KB at http://kb.juniper.net

     

    Regards,

     

    -Keith

     

     

     

     



  • 3.  RE: /var/log/kmd Message Documentation

    Posted 07-27-2009 12:53

    No, unfortunately that does not appear to help, the document you refer to is basically the only one I've been able to find.  The messages I see in the /'var/kmd file don't start with KMD_, they look more like these:

     

     Jul 27 19:50:11 ike_free_id_payload: Start, id type = 4
    Jul 27 19:50:11 ike_udp_callback: Packet ready in source :
    Jul 27 19:50:11 ike_get_sa: Start, SA = { c1d23b66 13ce9f06 - 65e430b4 5c6d34c1 } / 99da73a0, remote = <ip>

    Jul 27 19:50:11 ike_sa_find: Found SA = { c1d23b66 13ce9f06 - 65e430b4 5c6d34c1 }

     

    Jul 27 19:50:55 jnp_ike_connect_delete: Start, remote_name = <ip>, flags = 00000000
    Jul 27 19:50:55 jnp_ike_create_delete_internal: Start, remote_name = <ip>, flags = 00000000

     

    or:


    Jul 27 19:50:55 Deleted (spi=3165878837, protocol=ESP dst=<ip>) entry from the dynamic sa spi hash table
     

     

     



  • 4.  RE: /var/log/kmd Message Documentation
    Best Answer

    Posted 07-28-2009 11:05

    Those message are debug related, as a result of configuring ipsec traceoptions.  Traceoptions are typically only used when troubleshooting a specific problem.  Many times this would be done at the request of JTAC.  In some instances, the output of the traceoptions is only meaning full to Juniper developers or JTAC.  The trace documentation is limited to what each flag does.

     

    http://www.juniper.net/techpubs/en_US/junos9.5/information-products/topic-collections/config-guide-services/services-tracing-ipsec-operations.html#id-12175992

     

    Is there a specific ipsec issue, you are troubleshooting?  If not, I would recommend disabling the traceoptions for ipsec, as it only causes extra cpu/file io, etc.

     

    Regards,

    Ben