FirePower debug
11-15-2019 12:09 AM - edited 02-21-2020 09:41 AM
Hello everyone,
I have a question regarding debug in FirePower devices without using FMC. Just want to make sure the procedure is correct:
- enable diagnostic logging in FDM,
- enable console filter in FDM with level set to debug,
- enter system support diagnostic-cli (FTD CLI) and set desired debug (for example "debug crypto engine"). Connection to CLI is SSH.
So my question is whether this is the right procedure, and whether I need to specify the types of debug I want to see, because immediately after enabling the console filter I start to receive various outputs, some of which already concern access rules, the IKE protocol, etc.
Thanks in advance.
11-17-2019 04:25 AM - edited 11-17-2019 04:26 AM
In addition to the desired debugs, you will see syslog events on your console or SSH session.
One way to separate them out is to use the option "logging debug-trace".
You need to push that via FlexConfig. You can then sort through and parse the messages using your syslog server.
You might also read this related thread:
https://community.cisco.com/t5/firepower/ftd-cli-ssh-debugging/td-p/3711562
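As an added example (not part of the thread or of any Cisco tooling), here is a small Python parser that does the sorting the reply describes on the syslog-server side: with "logging debug-trace" enabled, the FTD redirects debug output into syslog message ID 711001 at severity 7, so that text can be split cleanly from ordinary events such as access-rule denies or connection builds. The sample log lines are constructed for the example, and a shared syslog server is assumed (non-Cisco lines are skipped).

```python
import re
from collections import defaultdict

# Constructed sample of what a syslog server receives from an FTD with
# "logging debug-trace" enabled: debug output arrives as message 711001,
# ordinary events keep their own message IDs. These lines are made up.
SAMPLE_LOG = """\
<166>%FTD-6-302013: Built inbound TCP connection 4521 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:10.0.0.10/443 (10.0.0.10/443)
<167>%FTD-7-711001: IKEv2-PROTO-4: (12): Received Packet [From 198.51.100.7:500/To 192.0.2.1:500/VRF i0:f0]
<167>%FTD-7-711001: IKEv2-PROTO-4: (12): Verify peer's policy
<164>%FTD-4-106023: Deny tcp src outside:203.0.113.9/40000 dst inside:10.0.0.20/22 by access-group "CSM_FW_ACL_" [0x0, 0x0]
<167>%FTD-7-711001: CRYPTO_PKI: Cert validation succeeded
<165>%FTD-5-111008: User 'admin' executed the 'debug crypto ikev2 protocol 4' command.
"""

# Cisco ASA/FTD syslog header: product, severity digit, six-digit message ID.
# search() rather than match() tolerates a leading <PRI>, timestamp or hostname.
HEADER_RE = re.compile(r"%(?P<product>ASA|FTD)-(?P<sev>\d)-(?P<msgid>\d{6}):\s*(?P<text>.*)$")
DEBUG_TRACE_ID = "711001"  # ID used by "logging debug-trace" for debug output

def parse_line(line):
    """Return (msgid, severity, text), or None for lines that are not ASA/FTD syslog."""
    m = HEADER_RE.search(line.strip())
    if not m:
        return None
    return m.group("msgid"), int(m.group("sev")), m.group("text")

def split_debug_trace(log_text):
    """Split a log into debug-trace text (711001) and ordinary (msgid, text) events."""
    out = {"debug": [], "events": []}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # non-Cisco line on a shared syslog server
        msgid, _sev, text = parsed
        if msgid == DEBUG_TRACE_ID:
            out["debug"].append(text)
        else:
            out["events"].append((msgid, text))
    return out

def count_by_msgid(log_text):
    """Tally message IDs so you can see whether debug output is drowning the events."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            counts[parsed[0]] += 1
    return dict(counts)

if __name__ == "__main__":
    result = split_debug_trace(SAMPLE_LOG)
    print(f"{len(result['debug'])} debug-trace lines, {len(result['events'])} events")
    for text in result["debug"]:
        print("DEBUG:", text)
```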
