Advertisement
pnlog
pnlog
To set the logging level or to view log information at the console, use the pnlog command. This
command specifies the logging level of the MARS services, as well as the CheckPoint CPMI and LEA
logs received by the MARS Appliance.
Syntax Description
none The default behavior of this command displays the command's usage guidelines.
pnlog show {gui | backend | cpdebug}
The pnlog show command provides running output of a particular logfile at the console. You can view
one of three logfiles: the GUI logs, the backend logs (shows logs for the processes that the pnstatus
command reports on), and CheckPoint debug logs. Press Ctrl+C to stop the output of this command.
When using cpdebug, you must set the pnlog setlevel cpdebug value to 3 or 9, as the default value of 0
turns off all CPE debug messages.
pnlog mailto {[smtp_server] [sender] [recipient]}
The pnlog mailto command is an alternative to sending a Feedback e-mail with the log files attached. It
sends an e-mail from sender to recipient using smtp_server. The e-mail contains debugging information.
These logs contain the logs specified above.
pnlog setlevel {trace | debug | info | warning | error | critical}
The pnlog setlevel command specifies how verbose the logs generated by the MARS Appliance services
are, with trace being the most verbose and critical being the least. The default level is info. Unless you
are actively debugging an issue, Cisco recommends that you use the default value. The trace and debug
options should be used only on the advice of Cisco TAC. Setting a level of critical shows only the critical
events, while setting a level of warning shows all warning or higher events (in other words, it shows
warning, error, and critical events). The CLI sets a global output level while the web interface allows you
to change this setting for each service (use pnstatus to view the list of services). You can access this
setting in the web interface by selecting Admin > System Maintenance > Set Runtime Logging
Levels.
pnlog setlevel cpdebug { 0 | 3 | 9 }
The pnlog setlevel cpdebug command sets the output level of the CheckPoint discovery process. You
must specify one of three levels: 0, 3, or 9, where 0 disables Check Point debug logging, 3 enables all
OPSEC debug logs, and 9 enables all CPMI debug logs. This command is used together with pnlog show
cpdebug command to study the raw output of CheckPoint Discovery (CPMI) and CheckPoint Log (LEA)
sessions. Cisco recommends the use of 9 for debugging and 0 when not actively debugging.
Examples
To view the backend service logs at the console, enter:
pnlog show backend
To send e-mail to bob@exmple.com from admin@example.com using the 192.168.101.5 mail server,
enter:
pnlog mailto 192.168.101.5 admin@example.com bobc@example.com
To set the log level of the MARS Appliance services to debug, enter.
pnlog setlevel debug
To set the log level of the CheckPoint discovery process to debug, enter:
Install and Setup Guide for Cisco Security MARS
A-38
Appendix A
Command Reference
OL-14672-01
Advertisement
Chapters
Troubleshooting
