Friday, January 14, 2011

Where is the damn debug on Palo Alto Networks????

I don't think I'm the only one who has wondered how to enable debug on Palo Alto and see its output. So, without much further comment, here is a summary of the key commands. The way to make sense of it is to keep NetScreen and its get dbuf stream in mind. There are also some commands for viewing the files we have created, and for disabling "fast forwarding" so that every packet is processed and can be analyzed.
Show debug PALO ALTO NETWORKS by RobClav

From here on, this is a copy of a document found online:


Turning off hardware acceleration to identify whether it's an FPGA/NP issue or a software issue (less common)
  • "set session offload no" to turn off firewall hardware offload
  • "debug dataplane fpga set {sw_aho|sw_dfa|sw_dlp} yes" to turn off content match offload when hardware offload is turned off


Check resource-monitor to verify that dataplane is not overloaded.
  • debug dataplane show resource-monitor


Check data-plane health. Also look for any errors in:
  • less dp-log mprelay.log

There are three main types of pcaps:

1. Filter-pcap (a.k.a. debug filter)
- use to capture based upon src/dest IP and src/dest port
2. Application-pcap
- use to capture packets for a particular App-ID (use when App-ID detects traffic that is not that app)
3. Unknown-pcap
- use for capturing unknown-tcp, unknown-udp, unknown-p2p

  To configure: debug dataplane filter set
  To confirm config: debug dataplane get
  To view packets: view-pcap filter-pcap scp export filter
  To clean up: delete debug-filter file
To list existing files:
  • view-pcap filter-pcap

To view in real-time the contents of a particular file, use the argument follow yes:

  To configure: set application dump on
  To confirm config: debug dataplane show application setting
  To view packets: view-pcap application-pcap scp export application from
  To clean up: set application dump off delete pcap directory

1. First specify what you want to see:
  debug dataplane filter on
  debug dataplane filter set source x.x.x.x dest y.y.y.y
2. Now enable debugging:
  debug dataplane on debug
  debug dataplane set flow basic
3. Generate traffic
4. To view output: tail follow yes dp-log pan_task*
5. To clean up:
  debug dataplane off
  debug dataplane on error
  debug dataplane filter off