Network Monitoring and Maintenance
The following describes how to monitor and maintain your SunScreen.
Using the ssadm logdump Command
ssadm logdump is based on the Solaris snoop program and has similar characteristics. In addition to the packet information available with snoop, ssadm logdump also adds additional information such as the interface on which the packet was received and the reason that the packet was logged.
For details on the ssadm logdump command, refer to the ssadm-logdump man page.
To run ssadm logdump and display packets in the log.
# ssadm logdump -i logfile |
Where log_file is a log file that is downloaded from the Screen.
Using the ssadm debug_level Command
If you have access to the console on your SunScreen (through a serial line or directly connected CRT), you can use the ssadm debug_level command to control the printing of command debugging information from the SunScreen kernel.
If you type ssadm debug_level with no arguments, it displays the current debug-level mask. By default, this mask is 1, which means it only reports significant errors.
If you specify a hex number as an argument for ssadm debug_level, it sets the kernel debugging mask to that level. To get a list of debugging bit choices type:
# ssadm debug_level ? |
You select a ssadm debug_level mask by setting all of the debugging bits in which you are interested.
Probably the most useful of the ssadm debug_level debugging bit is DEFAULT_DROP. For example, if you type:
# ssadm debug_level 1001 |
any packets being dropped by SunScreen because they do not match any rule are reported. This is a quick way to see if the SunScreen is passing packets that you expect it to pass. You can also achieve this same result by setting the default action on the interface to LOG_SUMMARY or LOG_DETAIL and examine the logs.
Another useful debugging bit to set is STATE_CHANGE. This causes the kernel to report any additions or deletions from its internal state tables.
Some of the debugging bits produce a very large amount of output on a production Screen and should be used with caution. An example is ACTION, which reports execution of any PFL action.
Gathering Information From Your System to Report Support Issues
If you have any support issues, call your authorized service provider. For further information about support, use the following URL to contact Enterprise Services: http://www.sun.com/service/support/index.html.
It is helpful to first gather information describing your configuration. This information can be collected by saving the output of the following SunScreen support command. You invoke these commands for information that is useful in troubleshooting through the ssadm lib/support command.
The support command has the form: ssadm [ -r Screen_Name ] lib/support function parameters...
- © 2010, Oracle Corporation and/or its affiliates