cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3079
Views
0
Helpful
1
Replies

FirePower debug

ivan.kusturic
Beginner
Beginner

Hello everyone,

I have a question regarding debug in FirePower devices without using FMC. Just want to make sure the procedure is correct:

- enable diagnostic logging in FDM,

- enable console filter in FDM with level set to debug,

- enter system support diagnostic-cli (FTD CLI) and set desired debug (for example "debug crypto engine"). Connection to CLI is SSH.

So my question is if this is the right procedure and do I need to specify types of debug I want to see, because immediately after enabling console filter I start to receive different outputs some of which are already regarding access rules, IKE protocol, etc.

Thanks in advanced.

1 REPLY 1

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

In addition to the desired debugs you will see syslog events on your console or ssh session.

One way to separate them out is to use the option "logging debug-trace":

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc25

You need to push that via Flexconfig. You can then sort through and parse the messages using your syslog server.

You might also read this related thread:

https://community.cisco.com/t5/firepower/ftd-cli-ssh-debugging/td-p/3711562

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: