Debugging Information for the Cisco Adaptive Security Appliance
This section provides Debugging Information for the Cisco Adaptive Security Appliance
Cisco Adaptive Security Appliance Debugging Commands
The following table lists the debugging commands for the Cisco Adaptive Security Appliance.
To |
Use the Command |
Notes |
||
---|---|---|---|---|
Show ICMP packet information for pings to the Cisco Adaptive Security Appliance interfaces |
|
We strongly recommend that you disable debug messages
once you have completed your troubleshooting. To disable ICMP debug messages,
use the
|
||
Show messages relating to the certificate validation between IM and Presence Service /Cisco Adaptive Security Appliance or Cisco Adaptive Security Appliance/external domain |
|
You can increase log level on the Cisco Adaptive Security Appliance by adding the log level parameter to this command, for example:
|
||
|
Displays only debug messages for input and output messages |
|||
|
Displays only debug messages for transactions |
|||
Show the SIP messages sent through CiscoAdaptive Security Appliance |
|
|||
Send log messages to a buffer (for later viewing) |
|
|||
Enable system log messages |
|
We strongly recommend that you disable system log
messages once you have completed your troubleshooting. To disable system log
messages, use the
|
||
Send system log messages to a buffer |
|
|||
Set system log messages to be sent to Telnet or SSH sessions |
|
|||
Designate a (syslog) server to receive the system log messages |
|
|
||
Ping the Interfaces |
|
Refer to the Troubleshooting section of the CiscoSecurity Appliance Command Line Configuration Guide for details on pinging the Cisco Adaptive Security Appliance interfaces, and also pinging between hosts on different interfaces to ensure that the traffic can pass successfully through the Cisco Adaptive Security Appliance. You can also ping an interface in ASDM by choosing .
|
||
Trace the route of a packet |
|
You can also trace the route of a packet in ASDM, choose . |
||
Trace the life span of a packet through the Cisco Adaptive Security Appliance |
|
You can also trace the life span of a packet in ASDM , choose . |
Related Information -
Capture Output on Internal and External Interfaces
Procedure
Step 1 |
Enter configuration mode:
|
Step 2 |
Define an access-list to specify the traffic to be captured, for example:
|
Step 3 |
It is recommended that you clear the capture content before starting the tests. Use the command "clear capture in" to clear the internal interface capture, and the command "clear capture out" to clear the external interface capture. |
Step 4 |
Enter this command to capture the packets on the internal interface:
|
Step 5 |
Enter this command to capture the packets on the external interface:
|
Step 6 |
Enter this command to capture TLS specific packets:
|
Step 7 |
Enter this command to retrieve the packet capture:
Enter this command to copy the output to disk and retrieve using ASDM (choose ):
|
TLS Proxy Debugging Commands
The following table lists the debugging commands for the TLS Proxy.
To |
Use the Command(s) |
---|---|
Enable TLS proxy-related debug and syslog output |
|
Show a TLS proxy session output |
|
Check the active TLS proxy sessions |
|
View the detail of the current TLS proxy sessions (Use when the Cisco Adaptive Security Appliance successfully establishes connections with the IM and Presence Service and the external domain) |
|