How to set the debug log level of a service back to its default level

Revert the debug log level back to default

• NGFW
• debug logs
• Services

1. Set the service back to its default logging level using one of the below commands. Use the <Tab> button of your keyboard to identify the appropriate command:

   > debug <service> global on <default log-level>

   alternatively

   > debug <service> on <default log-level> 

   Replace <service> with the relevant service name and <default log-level> with either info (or normal), warn, or debug.
   Check which level is the default for each process:
   1. The below processes have the default level set to info (or normal): 
      bfd, contentd, configd (only available starting 10.1.x), cord, crypto, devsrvr, dha, dhcp, distributord, dssd, ehmon, gp_broker(present in and post 10.2.x but not present pre 10.2.x), ikemgr, Device Securityd, keymgr, l2ctrl, logrcvr, md (used to be masterd pre 10.2.x then in and post 10.2.x it is referred by md), mpreplay, pppoe, rasmgr, reportd(only available starting 10.1.x), routed, satd, sdwand, snmpd,  sslmgr, sysdagent, tund, useridd and varrcvr.
   2. The below processes have the default level set to warn: 
      fpp_cp, dnsproxy and web_backend.
   3. The below processes have the default level set to debug: 
      authd, configd and ha_agent.
   4. For certain services such as rasmgr and satd, you might need to execute the command above twice for the changes to take effect.
2. Check the current log level of the service, use the command:

   > debug <service> global show

   alternatively

   > debug <service> show

3. You can also use global commands for the same purpose:
   1. To view the current logging level of all the services:

      > debug software logging-level show level service all-services

   2. To restore the default logging level of all the services:

      > debug software logging-level set level default service all-services

      Be careful when issuing the latter command, as it may unintentionally alter the default log level of both routed and management-server processes. Therefore, it is recommended to follow the lastly mentioned command with both the following commands to revert those two processes to their default info log level: 

      > debug management-server on info

      and

      > debug routing global on info

1. The logging level normal is equivalent to info: some services will show logging level normal in the individual "show" command but info in the global "show" command.
2. The general show CLI command :

> debug software logging-level show level service all-services

might not reflect the correct debug level for the service mgmtsrvr for certain PAN-OS versions. 

For that reason, to check the current logging level of the mgmtsrvr service always use the command:

> debug management-server show

3. The term service can be referred to as process or daemon in other texts.