To debug netscreen information, we have to use a hidden command “debug”
Login to the netscreen console, you can see the command prompt
login: netscreen (default)
password: [netscreen] (default)
after that you will see the prompt:
ssg5-fw1-> [tab]
clear clear dynamic system info
delete delete persistent info in flash
exec exec system commands
exit exit command console
get get system information
mtrace multicast traceroute from source to destination
ping ping other host
reset reset system
save save command
set configure system parameters
trace-route trace route
unset unconfigure system parameters
You cannot see the “debug” command here, but if you type “debug [tab]“, a list of debug parameter is listed and you can debug anything you want.
ssg5-fw1-> debug [tab]
for examples, to debug IKE packet and error: type “debug ike detail”
ssg5-fw1-> debug ike detail [Enter]
to debug ldap auth server: type “debug auth all” , “debug ldap all”
ssg5-fw1-> debug auth all [Enter]
Netscreen will put the debug information in the dbuf. You can set the size of the buffer by “set dbuf size <number>” where <number> from 32 to 4096 in kbytes.
ssg5-fw1-> set dbuf size 512 [Enter]
To view the debug output, type “get dbuf stream” and it will give you all the detail.
ssg5-fw1-> get dbuf stream [Enter]
To clear the buffer, type “clear dbuf” and all debug information will be cleared.
ssg5-fw1-> clear dbuf [Enter]
I find it useful to pipe the debug detail to the tftp server, because the width of the screen may not fit all the detail.
ssg5-fw1-> get buf stream > tftp 192.168.1.15 netscreen.log
RSS feed for comments on this post · TrackBack URI
Leave a reply