SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Conflict between debug and traceoptions

    Posted 12-16-2010 04:43

    I was investigating an issue between 2 endpoints on an IPSec VPN connection so I set

    request security ike debug-enable level 15

     

    and then when I was finished ran

    request security ike debug-disable

     

    This stopped everything that was previously logged under traceoptions

    traceoptions {
        file ike size 1m files 10;
        flag policy-manager;
    }

     

    I don't know how to make things to back to how they were before and would really like it if someone could help me out.

    Thanks,

    Mark



  • 2.  RE: Conflict between debug and traceoptions
    Best Answer

    Posted 12-16-2010 06:48

    Try running a "commit full" and see if it restarts the traceoptions.

     

    Ben



  • 3.  RE: Conflict between debug and traceoptions

    Posted 12-16-2010 07:28

    Depending on config size, level 15 and commit fulls are probably not the best of the best...  Can cause some SERIOUS issues if you have LARGE configs, or LOTS of ike gateways...

     

    Control / Forwarding link between the two can get saturated with data...

     

    RKIM could explain it better ;o)

     

     



  • 4.  RE: Conflict between debug and traceoptions

    Posted 12-17-2010 05:23

    Thanks for the replies my logging is back to normal now.

     

    I had this problem on a SRX210 with only 15 VPNs so I don't think the amount of data is a problem. I do plan on having a lot more VPNs soon so this is something to look out for. Thanks for the heads up.