Viewing and filtering logs
This section describes how to display, filter, and collect the logs for Blue Cedar Technical Support.
Displaying logs
In operational mode, use the CLI to:
Display a bundle of all the logs for the gateway. This output can be very verbose.
> log show
Display a subset of all the logs for the gateway, based on component:
> log show-component "classname"
The value of "classname" can be any of the classes that the system logs, as enabled with set system logging. See Managing and understanding system logs for details and classes.
For example, to display all the AAA logs:
> log show-component "aaa"
You can combine classes with commas and no spaces:
> log show-component "aaa,amf,cfm,datapath"
Save the logs to a file, including the active log as well as saved logs:
> log dump mylogs.txt
Filtering logs
The log display commands can all be filtered further with these options:
Option | Description |
---|---|
start/end | Use start and/or end to specify a time period. If you use both start and end, end must follow start. Use quotes around the date and time if there are spaces. Examples of valid formats: |
reverse | Use only at the end of the command line to display logs newest to oldest instead of oldest to newest. |
severity | Display logs based on severity. These levels can be combined with commas or quotes. No spaces are allowed in either case. Valid values: |
Examples:
Combination examples
> log show severity "major,critical"
> log show severity major,info
> log show start "09/08/2020 04:00" end "09/08/2020 05:00" severity "info,major,critical" reverse
> log show-component "aaa,ike" start "09/08/2020 04:00" end "09/08/2020 05:00" severity "info,major,critical" reverse
> log dump mylogs.txt component "aaa,ike" start "09/08/2020 04:00" end "09/08/2020 05:00" severity "info,major,critical" reverse
Collecting logs from a specific session
In some cases, the mobile user cannot authenticate, and sees an error that includes a global session ID (GSID). For example, enrollment fails (as it should) when a user's email address is not available in Active Directory or LDAP.
Use the user's GSID as a filter to find relevant logs for debugging:
> log show-gsid 1353513458
Show Contents of the Active Log File
Mon Sep 23 14:32:09.435615 2020
Slot: CB1, SubCls: 999, EID:3433637674, Type:General, Sev: Info
[AAA]: Initial auth for session with gsid 3433637674
Mon Sep 23 14:32:09.436220 2020
Slot: CB1, SubCls: 999, EID: 0, Type:General, Sev: Debug
[AAA]: SESSION CreateTunnelSession {"tunnelSession":"0x1303340","gsid":"3433637674"}
Mon Sep 23 14:32:09.436397 2020
Slot: CB1, SubCls: 999, EID: 0, Type:General, Sev: Debug
[AAA]: SESSION CreateHandle {"tunnelSession":"0x1303340","tunnelHandle":"0xd6839163340","gsid":"3433637674"}
[...]
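The same session filter can be applied offline to a dump that has been copied off the gateway. The following is an added example, not Blue Cedar code: it assumes the dump uses the three-line record layout shown in the output above (timestamp, Slot/EID/Sev header, bracketed component message), and the function names parse and select are hypothetical. It matches a GSID in either the EID header field or the message text, because most records in the sample carry EID 0 and name the session only in the message.

```python
import re
from datetime import datetime

# Constructed sample, reusing records from the outputs shown on this page.
SAMPLE = """\
Show Contents of the Active Log File
Mon Sep 23 14:32:09.435615 2020
Slot: CB1, SubCls: 999, EID:3433637674, Type:General, Sev: Info
[AAA]: Initial auth for session with gsid 3433637674
Mon Sep 23 14:32:09.436220 2020
Slot: CB1, SubCls: 999, EID: 0, Type:General, Sev: Debug
[AAA]: SESSION CreateTunnelSession {"tunnelSession":"0x1303340","gsid":"3433637674"}
Fri Sep 20 09:26:14.460291 2020
Slot: CB1, SubCls: 999, EID: 0, Type:General, Sev: Debug
[IKE]: AAA certificates changed: https
"""

TS = re.compile(r"^[A-Z][a-z]{2} ([A-Z][a-z]{2} +\d+ [\d:]+\.\d+ \d{4})$")
HDR = re.compile(r"^Slot:\s*(\S+),\s*SubCls:\s*\d+,\s*EID:\s*(\d+),\s*Type:\s*\w+,\s*Sev:\s*(\w+)$")
MSG = re.compile(r"^\[(\w+)\]:\s*(.*)$")

def parse(text):
    """Split a dump into records; each record starts at a timestamp line."""
    records = []
    for line in map(str.strip, text.splitlines()):
        m = TS.match(line)
        if m:  # the weekday is skipped by the regex; only the date and time are parsed
            when = datetime.strptime(m.group(1), "%b %d %H:%M:%S.%f %Y")
            records.append({"time": when, "eid": None, "sev": None,
                            "component": None, "message": ""})
        elif not records or not line:
            continue  # banner text before the first record, or a blank line
        elif records[-1]["sev"] is None and (m := HDR.match(line)):
            records[-1].update(eid=m.group(2), sev=m.group(3).lower())
        elif records[-1]["component"] is None and (m := MSG.match(line)):
            records[-1].update(component=m.group(1).lower(), message=m.group(2))
        else:
            records[-1]["message"] += "\n" + line  # continuation of a multi-line message
    return records

def select(records, gsid=None, components=None, severities=None):
    """Keep records matching every filter given; None means 'do not filter'."""
    in_msg = re.compile(r"\bgsid\W{1,3}%s\b" % re.escape(gsid)) if gsid else None
    def ok(r):
        # EID is 0 on most records, so also look for the GSID inside the message.
        if gsid and r["eid"] != gsid and not in_msg.search(r["message"]):
            return False
        return ((not components or r["component"] in components)
                and (not severities or r["sev"] in severities))
    return [r for r in records if ok(r)]
```

Component and severity names are compared in lower case, so pass them as sets such as {"aaa", "ike"} or {"info", "debug"}.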
Displaying logs containing a specific string
To display a subset of logs filtered by a string match, use the show-filter option:
> log show-filter "certificate"
Show Contents of the Active Log File
Fri Sep 20 09:26:12.718765 2020
Slot: CB1, SubCls: 999, EID: 0, Type:General, Sev: Debug
[IKE]: Adding certificate with issuer "CN = AdminCA1; O = ELFCA Sample; C = SE;" and serial number "63123f3c7d78ccc" to issuer map
Fri Sep 20 09:26:12.718955 2020
Slot: CB1, SubCls: 999, EID: 0, Type:General, Sev: Debug
[IKE]: Adding certificate with subject "CN = AdminCA1; O = ELFCA Sample; C = SE;" and identifier "CN = AdminCA1; O = ELFCA Sample; C = SE;/63123f3c7d78ccc" to subject map
Fri Sep 20 09:26:14.460291 2020
Slot: CB1, SubCls: 999, EID: 0, Type:General, Sev: Debug
[IKE]: AAA certificates changed: https
Fri Sep 20 09:26:20.019891 2020
Slot: CB1, SubCls: 999, EID: 0, Type:General, Sev: Debug
[AAA]: Adding certificate with issuer "CN = AdminCA1; O = EJBCA Sample; C = SE;" and serial number "63536f3c7d78ccc" to issuer map
Fri Sep 20 09:26:20.020034 2020
Slot: CB1, SubCls: 999, EID: 0, Type:General, Sev: Debug
[AAA]: Adding certificate with subject "CN = AdminCA1; O = ELFCA Sample; C = SE;" and identifier "CN = AdminCA1; O = ELFCA Sample; C = SE;/63123f3c7d78ccc" to subject map
...
Rotating logs and managing log sizes
The virtual gateway manages log sizes and rotates the logs to prevent log files from filling up disk space. When the gateway rotates the log file, a new "active" log file is created. The following limits are set by default:
- Total space reserved for logs is 80 MB, which is roughly 2% of /dev/sda3 (3.9 GB)
- Individual file size limit is 8 MB
- Maximum number of files is 9
The "log show" commands and "log dump" command apply to all of the existing logs, not just the active log, unless filters are applied.
Best practices
Copying logs before they rotate: If you think you might need any current or previous logs, we recommend saving copies on a separate machine.
- Use "log dump LogFileSaved.txt" to dump everything that has been archived to a file.
- Use scp to copy the LogFileSaved.txt to another machine.
- Use "log clear" to clean the logs on the gateway. Note that once "log clear" is executed, all archived log files are deleted.
The frequency of "dumping" and "clearing" can be adjusted for your quantity of data.
Filtering: As the logs can grow up to 80 MB on the virtual gateway, the filters described above help you view manageable chunks of the logs. Time-based filtering also helps manage CPU use, because not all archived logs need to be searched.
Collecting the logs for diagnostics
In operational mode, use the following CLI command to obtain a bundle of all the logs for the gateway. This bundle includes the same output that log dump produces, saved in a file named "logfile.txt", plus any core files, general system messages, and other logs. This diagnostics bundle is typically used by Blue Cedar Support.
> command diagnostic collect
Example
Use the file list command to verify that the bundle has been created:
> command diagnostics collect
Diagnostics file created: diagnostics.tar
> file list
diagnostics.tar
mb-default.cfg
latest.cfg