Via syslog messages, Chapter 5 – Nortel Networks 608(WL) User Manual
Page 170
Chapter 5
Troubleshooting SpeedTouch™ IPSec
E-DOC-CTC-20051017-0169 v0.1
168
Via Syslog messages
The Syslog protocol is a powerful mechanism to investigate network issues. It
allows for logging events occurred on the device.
The Syslog messages can be retrieved in two ways:
locally
Use these CLI command to retrieve the history of Syslog messages:
IPSec related syslog messages are disabled by default. Logging can be
enabled or disabled by the following command:
remotely
Configure a remote Syslog server to which all logged Syslog messages are
sent. Using the rule indicated below causes all Syslog messages with severity
debug or higher to be sent towards the machine with IP address “90.0.0.138”:
Below a typical example of Syslog rules logging the rekeying of a Phase 2 tunnel.
First the new Phase 2 tunnel is negotiated and 4 seconds later the old and expired
Phase 2 tunnel is deleted.
:syslog msgbuf show
=>IPSec
[ipsec]=>debug
[ipsec debug]=>syslog state
disabled
enabled
[ipsec debug]=>syslog state disabled
[ipsec debug]=>
:syslog ruleadd fac=all sev=debug dest=90.0.0.138
...
<6> SysUpTime: 14:12:50 VPN : Rekey Phase 2: Loc:141.*.*.*, Rem:192.168
.1.* (50.0.0.139)
<6> SysUpTime: 14:12:50 VPN : AddSa: SPIs(OUT/IN):D40467B8/
5F0E9992 Loc:141.*.*.* Rem:192.168.1.* (50.0.0.139) Prot:ESP-AES[128]-
HMAC-MD5 Exp:0h:10m:00s
<6> SysUpTime: 14:12:54 VPN : DelSa: SPIs(OUT/IN):04D3EF01/
1CF5AAF2 Time=0h:07m:41s
...