SRX Services Gateway
Reply
Contributor
mmcgilly
Posts: 15
Registered: ‎09-17-2010
0
Accepted Solution

Conflict between debug and traceoptions

I was investigating an issue between 2 endpoints on an IPSec VPN connection so I set

request security ike debug-enable level 15

 

and then when I was finished ran

request security ike debug-disable

 

This stopped everything that was previously logged under traceoptions

traceoptions {
    file ike size 1m files 10;
    flag policy-manager;
}

 

I don't know how to make things to back to how they were before and would really like it if someone could help me out.

Thanks,

Mark

Trusted Contributor
BenR
Posts: 89
Registered: ‎03-18-2010
0

Re: Conflict between debug and traceoptions

Try running a "commit full" and see if it restarts the traceoptions.

 

Ben

Super Contributor
colemtb
Posts: 312
Registered: ‎09-30-2009
0

Re: Conflict between debug and traceoptions

[ Edited ]

Depending on config size, level 15 and commit fulls are probably not the best of the best...  Can cause some SERIOUS issues if you have LARGE configs, or LOTS of ike gateways...

 

Control / Forwarding link between the two can get saturated with data...

 

RKIM could explain it better ;o)

 

 

Contributor
mmcgilly
Posts: 15
Registered: ‎09-17-2010
0

Re: Conflict between debug and traceoptions

Thanks for the replies my logging is back to normal now.

 

I had this problem on a SRX210 with only 15 VPNs so I don't think the amount of data is a problem. I do plan on having a lot more VPNs soon so this is something to look out for. Thanks for the heads up.

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.