FirePower debug

ivan.kusturic
Level 1

Hello everyone,

I have a question regarding debug on FirePower devices without using FMC. I just want to make sure the procedure is correct:

- enable diagnostic logging in FDM,
- enable the console filter in FDM with the level set to debug,
- enter system support diagnostic-cli (FTD CLI) and set the desired debug (for example "debug crypto engine"). The connection to the CLI is over SSH.

So my question is whether this is the right procedure, and whether I need to specify the types of debug I want to see, because immediately after enabling the console filter I start to receive different outputs, some of which already concern access rules, the IKE protocol, etc.

Thanks in advance.

1 Reply

Marvin Rhoads
Hall of Fame

In addition to the desired debugs you will see syslog events on your console or SSH session.

One way to separate them out is to use the option "logging debug-trace":

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc25

You need to push that via FlexConfig. You can then sort through and parse the messages using your syslog server.

You might also read this related thread:

https://community.cisco.com/t5/firepower/ftd-cli-ssh-debugging/td-p/3711562
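As an added example (not part of the original thread or Cisco's documentation), here is a small Python parser for the syslog-server side of the approach above: it separates the message-ID 711001 lines that `logging debug-trace` produces from ordinary syslog events, and lets you pick out debug text for one subsystem such as IKEv2. The sample lines are constructed; only the `%FTD-<severity>-<id>:` header format follows the real ASA/FTD syslog layout.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# ASA/FTD syslog header: %FTD-<severity>-<message id>: <text>.
# With "logging debug-trace" enabled, debug output is emitted as message 711001.
SYSLOG_RE = re.compile(r"%(?P<platform>ASA|FTD)-(?P<sev>\d)-(?P<msgid>\d{6}):\s*(?P<text>.*)$")
DEBUG_TRACE_ID = "711001"

class SyslogEvent(NamedTuple):
    platform: str
    severity: int
    msgid: str
    text: str

def parse_line(line: str) -> Optional[SyslogEvent]:
    """Parse one syslog line; return None if it has no ASA/FTD header."""
    m = SYSLOG_RE.search(line)
    if not m:
        return None
    return SyslogEvent(m["platform"], int(m["sev"]), m["msgid"], m["text"])

def split_debug_from_syslog(lines: List[str]) -> Dict[str, List[SyslogEvent]]:
    """Bucket debug-trace output (711001) separately from ordinary syslog events."""
    out: Dict[str, List[SyslogEvent]] = {"debug": [], "syslog": []}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # not an ASA/FTD message; ignore
        out["debug" if ev.msgid == DEBUG_TRACE_ID else "syslog"].append(ev)
    return out

def filter_debug(events: List[SyslogEvent], keyword: str) -> List[str]:
    """Keep only debug-trace text mentioning a subsystem keyword, e.g. 'IKEv2'."""
    return [ev.text for ev in events if keyword.lower() in ev.text.lower()]

# Constructed sample: timestamps, hosts, addresses and debug text are made up.
SAMPLE_LINES = [
    "Mar  3 10:15:01 ftd1 %FTD-6-302013: Built outbound TCP connection 12345 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.0.0.5/51234 (203.0.113.2/51234)",
    "Mar  3 10:15:02 ftd1 %FTD-7-711001: IKEv2-PROTO-4: (1): Sending Packet [To 198.51.100.7:500/From 203.0.113.2:500/VRF i0:f0]",
    "Mar  3 10:15:02 ftd1 %FTD-7-711001: IKEv2-PROTO-4: (1): Received Packet [From 198.51.100.7:500/To 203.0.113.2:500/VRF i0:f0]",
    "Mar  3 10:15:03 ftd1 %FTD-4-106023: Deny tcp src outside:198.51.100.9/4444 dst inside:10.0.0.5/22 by access-group \"CSM_FW_ACL_\"",
    "Mar  3 10:15:04 ftd1 %FTD-7-711001: CRYPTO_PKI: status = 0: crypto ipsec sa counter bumped",
    "Mar  3 10:15:05 ftd1 unrelated line with no syslog header",
]

if __name__ == "__main__":
    result = split_debug_from_syslog(SAMPLE_LINES)
    print(f"{len(result['debug'])} debug-trace lines, {len(result['syslog'])} syslog events")
    for text in filter_debug(result["debug"], "ikev2"):
        print("IKE debug:", text)
```

On a real collector you would feed the 711001 bucket to a separate file or index so the debug output never drowns out the connection and ACL events you alert on.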
