Palo Alto Networks Knowledgebase: Hierarchy of Debug Levels for Daemons in PAN-OS

Hierarchy of Debug Levels for Daemons in PAN-OS

1677
Created On 09/25/18 19:20 PM - Last Updated 09/25/18 23:09 PM
Content Release Deployment
Resolution

While troubleshooting, we may need to enable debug messages for various dameons associated with the issue that we are facing.

 

To do this, we need to understand the debug levels and hierarcy available in PAN-OS.

 

The hierarcy for debug level is as follows:

 

0. Off

1. Error
2. Warn
3. Info
4. Debug
5. Dump (use with caution)

 

Enabling a debug level also enables the debug levels above them.

 

For example, If we enable Info level, it will also turn on Error & Warn. That's why Dump level should be used sparingly.

 

To check the existing debug level for a daemon/function, enter the command:

> debug <daemon/function> show
(OR)
> debug <daemon/function> global show

For example, to check the debug level on the DHCP daemon,

> debug dhcpd global show

 

show.png

 

To enable debug for a daemon, use the command below:

> debug <daemon/function> on <debug-level>
(OR)
> debug <daemon/function> global on <debug-level>

 

For example, to enable debug on  the DHCP daemon,

> debug dhcpd global on debug

deubg.png 

 

After checking the debug logs, remember to revert the debug level to the default.

> debug dhcpd global on info

 

PAN-OS 8.0 introduces a new set of command options that you can use to display and modify the debug levels of the various service. These new commands branch from debug sofware logging-level [tab]. Initial options are "set" and "show."

 

To show the current debug level for all services (PAN-OS 8.0 and later only):

> debug software logging-level show service all-services

To show the debug level and the debug features configurations using debug software logging-level show commands, you must run two separate instances of the command (PAN-OS 8.0 and later only):

debug software logging-level show level service <service-name> 
debug software logging-level show feature service <service-name>

 To set the debug level for all services to their default settings (PAN-OS 8.0 and later only):

> debug software logging-level set level default service all-services

 

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVhCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language