
Via syslog messages, Chapter 5 – Nortel Networks 608(WL) User Manual


Chapter 5

Troubleshooting SpeedTouch™ IPSec

E-DOC-CTC-20051017-0169 v0.1


Via Syslog messages

The Syslog protocol is a powerful mechanism to investigate network issues. It
allows for logging events that occurred on the device.

The Syslog messages can be retrieved in two ways:

locally
Use this CLI command to retrieve the history of Syslog messages:

    :syslog msgbuf show

IPSec-related Syslog messages are disabled by default. Logging can be
enabled or disabled by the following command:

    =>IPSec
    [ipsec]=>debug
    [ipsec debug]=>syslog state
    disabled
    enabled
    [ipsec debug]=>syslog state disabled
    [ipsec debug]=>

remotely
Configure a remote Syslog server to which all logged Syslog messages are
sent. Using the rule indicated below causes all Syslog messages with severity
debug or higher to be sent towards the machine with IP address “90.0.0.138”:

    :syslog ruleadd fac=all sev=debug dest=90.0.0.138

Below is a typical example of Syslog messages logging the rekeying of a Phase 2
tunnel. First the new Phase 2 tunnel is negotiated and 4 seconds later the old
and expired Phase 2 tunnel is deleted.

    ...
    <6> SysUpTime: 14:12:50 VPN : Rekey Phase 2: Loc:141.*.*.*, Rem:192.168.1.* (50.0.0.139)
    <6> SysUpTime: 14:12:50 VPN : AddSa: SPIs(OUT/IN):D40467B8/5F0E9992 Loc:141.*.*.* Rem:192.168.1.* (50.0.0.139) Prot:ESP-AES[128]-HMAC-MD5 Exp:0h:10m:00s
    <6> SysUpTime: 14:12:54 VPN : DelSa: SPIs(OUT/IN):04D3EF01/1CF5AAF2 Time=0h:07m:41s
    ...
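
The following Python code is an added example, not part of the manual: it parses the three message types shown above on a remote Syslog server and pairs each AddSa with the DelSa that follows, so the rekey overlap and negotiated transform can be checked. The function names are hypothetical, and it assumes SysUpTime is h:mm:ss, Exp is the new SA's lifetime and Time is the deleted SA's age.

```python
import re

# Messages from the manual's example output, page-width wraps rejoined.
SAMPLE = [
    "<6> SysUpTime: 14:12:50 VPN : Rekey Phase 2: Loc:141.*.*.*, Rem:192.168.1.* (50.0.0.139)",
    "<6> SysUpTime: 14:12:50 VPN : AddSa: SPIs(OUT/IN):D40467B8/5F0E9992 Loc:141.*.*.* "
    "Rem:192.168.1.* (50.0.0.139) Prot:ESP-AES[128]-HMAC-MD5 Exp:0h:10m:00s",
    "<6> SysUpTime: 14:12:54 VPN : DelSa: SPIs(OUT/IN):04D3EF01/1CF5AAF2 Time=0h:07m:41s",
]

LINE = re.compile(r"^<(\d+)>\s*SysUpTime:\s*(\d+):(\d\d):(\d\d)\s+VPN\s*:\s*"
                  r"(Rekey Phase 2|AddSa|DelSa):\s*(.*)$")
SPIS = re.compile(r"SPIs\(OUT/IN\):([0-9A-Fa-f]{8})/([0-9A-Fa-f]{8})")
PROT = re.compile(r"Prot:(\S+)")
DUR = re.compile(r"(?:Exp:|Time=)(\d+)h:(\d+)m:(\d+)s")

def hms(h, m, s):
    return int(h) * 3600 + int(m) * 60 + int(s)

def parse_line(line):
    """Return a dict for a VPN SA message, or None for any other line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    pri, h, mi, s, event, rest = m.groups()
    # Syslog PRI = facility * 8 + severity; SysUpTime assumed to be h:mm:ss.
    rec = {"severity": int(pri) & 7, "uptime": hms(h, mi, s), "event": event}
    if spi := SPIS.search(rest):
        rec["spis"] = (spi.group(1).upper(), spi.group(2).upper())
    if prot := PROT.search(rest):
        rec["transform"] = prot.group(1)
    if dur := DUR.search(rest):
        rec["seconds"] = hms(*dur.groups())  # assumed: Exp = lifetime, Time = SA age
    return rec

def rekey_events(lines):
    """Pair each AddSa with the next DelSa and report the SA overlap in seconds."""
    out, pending = [], None
    for rec in filter(None, map(parse_line, lines)):
        if rec["event"] == "AddSa":
            pending = rec
        elif rec["event"] == "DelSa" and pending:
            out.append({"new_spis": pending.get("spis"), "old_spis": rec.get("spis"),
                        "transform": pending.get("transform"),
                        "lifetime_s": pending.get("seconds"),
                        "old_age_s": rec.get("seconds"),
                        "overlap_s": rec["uptime"] - pending["uptime"]})
            pending = None
    return out
```

Calling `rekey_events(SAMPLE)` yields one record whose `overlap_s` matches the 4 seconds described in the text.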
