Detailed Log Location?

So far I've tried to establish 2 site-to-site IPSec tunnels and neither has been successful - both have been painful to be obvious. And time consuming.

 

The level of detail from the LogViewer is just not acceptable to diagnose and troubleshoot these connections.  Is there any way to get much more detailed logs with handshake details via the Device Management/Advanced Shell route?  I've looked in /var/log and /etc but nothing is jumping right out at me.

 

Any pointers to detailed logs would be very helpful.

 

Thanks



  • Sean,

    go to console and type:

     show vpn IPSec-logs

    Report the logs here.

    Thanks

  • Thanks, Luk.

     

    I actually figured out that the logs were in /log - duh.  I found it very useful to troubleshoot the new tunnel by going to the Advanced Shell, then switching to the log directory.  From there we tail'd the log and were able to filter by the IP that we were using rather than the whole log.  For those interested it went like this:

     

    XG550_XN01_SFOS 16.05.4 MR-4# cd /log

    XG550_XN01_SFOS 16.05.4 MR-4# tail -f ipsec.log | grep 99.3

    Aug 14 19:35:54 "I-1" #1636: cannot respond to IPsec SA request because no connection is known for 1.1.1.93:47/0...1.1.99.3:47/0

    Aug 14 19:35:54 "I-1" #1636: sending encrypted notification INVALID_ID_INFORMATION to 1.1.99.3:500

    Aug 14 19:35:58 "I-1" #1636: sending encrypted notification INVALID_MESSAGE_ID to 1.1.99.3:500

     

    Now on to the next problem, which I'll detail in another post.

    Thanks for the help.

    Sean
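An added example, not part of the original posts: `grep 99.3` treats the dot as a wildcard and matches any line containing that fragment, so on a busy firewall it also picks up other peers. The helpers below (hypothetical names) match the peer as a complete address and tally what the log says about it; the first, second and last sample lines are the ones quoted above, the other two are constructed distractors.

```shell
#!/bin/sh
# Added example: helper names are hypothetical. Each helper reads log text on stdin,
# so it works on a saved copy (cat ipsec.log | ...) or on a live tail.

# Sample input: lines 1, 2 and 5 are quoted from the post, lines 3 and 4 are constructed.
sample_log() {
cat <<'EOF'
Aug 14 19:35:54 "I-1" #1636: cannot respond to IPsec SA request because no connection is known for 1.1.1.93:47/0...1.1.99.3:47/0
Aug 14 19:35:54 "I-1" #1636: sending encrypted notification INVALID_ID_INFORMATION to 1.1.99.3:500
Aug 14 19:35:55 "I-2" #9913: sending encrypted notification INVALID_ID_INFORMATION to 1.1.199.3:500
Aug 14 19:35:56 "I-3" #1701: sending encrypted notification INVALID_MESSAGE_ID to 1.1.99.30:500
Aug 14 19:35:58 "I-1" #1636: sending encrypted notification INVALID_MESSAGE_ID to 1.1.99.3:500
EOF
}

# Keep only lines that contain PEER ($1) as a whole IPv4 address.
# Dots are escaped and a digit may not touch either end of the match,
# so 1.1.99.3 does not match 1.1.199.3, 1.1.99.30 or a state number like #9913.
peer_lines() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -E "(^|[^0-9])${pat}([^0-9]|\$)"
}

# Count each notification type sent to PEER, printed as NAME=count.
notification_counts() {
    peer_lines "$1" |
        sed -n 's/.*sending encrypted notification \([A-Z_]*\) to .*/\1/p' |
        LC_ALL=C sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Print the endpoint pair from "no connection is known for" lines involving PEER.
unmatched_endpoints() {
    peer_lines "$1" |
        sed -n 's/.*no connection is known for \(.*\)$/\1/p' | LC_ALL=C sort -u
}

# Demo on the sample lines.
sample_log | notification_counts 1.1.99.3
sample_log | unmatched_endpoints 1.1.99.3
```

Assuming the shell's grep supports `-E`, the same filter can follow a live tail: `tail -f ipsec.log | peer_lines 1.1.99.3`.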
