FirePower debug

ivan.kusturic · ‎11-15-2019

Hello everyone,

I have a question regarding debug in FirePower devices without using FMC. Just want to make sure the procedure is correct:

- enable diagnostic logging in FDM,

- enable console filter in FDM with level set to debug,

- enter system support diagnostic-cli (FTD CLI) and set desired debug (for example "debug crypto engine"). Connection to CLI is SSH.

So my question is if this is the right procedure and do I need to specify types of debug I want to see, because immediately after enabling console filter I start to receive different outputs some of which are already regarding access rules, IKE protocol, etc.

Thanks in advanced.

Marvin Rhoads · ‎11-17-2019

In addition to the desired debugs you will see syslog events on your console or ssh session.

One way to separate them out is to use the option "logging debug-trace":

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc25

You need to push that via Flexconfig. You can then sort through and parse the messages using your syslog server.

You might also read this related thread:

https://community.cisco.com/t5/firepower/ftd-cli-ssh-debugging/td-p/3711562

FirePower debug

Cisco Spaces Connector の Debug 設定方法

Como Configurar BGP no Cisco Firepower FDM

Firepower System and FTD: Bug Trend (2024年)

Como configurar OSPF no Cisco Firepower Threat Defense (FTD)

Instalação e Configuração do Cisco Firepower Virtual (FDM)