How to check debug level for all daemons ?
27143
Created On 01/24/21 14:16 PM - Last Modified 06/26/24 09:22 AM
Objective
How to check what level of logging is configured for all the services?
Environment
- Palo Alto Firewall only.
- Any PAN-OS ( for version 10.2 and later , there are changes in processes , please see Additional Information)
Procedure
- Following are the list of Logging levels
- info
- warn
- error
- debug
- dump
- normal
- The following command lists the logging level for all the services.
debug software logging-level show level service all-services
Example
PA-5280> debug software logging-level show level service all-services
md - s0.mp.5045-0 - info
sysdagent - s0.mp.5255-0 - info
ehmon - s0.mp.5438-0 - info
chasd - s0.mp.5437-2 - info
contentd - s0.mp.5536-0 - info
plugin_api_server - s0.mp.5573-0 - info
dagger - s0.mp.5542-1 - info
crypto - s0.mp.6388-0 - info
csad - s0.mp.7059-0 - info
reportd - s0.mp.7068-0 - info
distributord - s0.mp.7062-1 - info
iotd - s0.mp.7063-1 - info
useridd - s0.mp.7075-1 - info
configd - s0.mp.7057-0 - info
configd - s0.mp.7057-2 - info
mgmtsrvr - s0.mp.7171-0 - info
mgmtsrvr - s0.mp.7171-2 - info
mgmtsrvr - s0.mp.7171-3 - info
dhcp - s0.mp.7359-0 - info
ha_agent - s0.mp.7382-1 - debug
dnsproxy - s0.mp.7367-0 - warn
ifmgr - s0.mp.7384-0 - info
l2ctrl - s0.mp.7421-0 - info
ikemgr - s0.mp.7407-1 - info
pppoe - s0.mp.7430-0 - info
keymgr - s0.mp.7412-1 - info
rasmgr - s0.mp.7436-0 - info
gp_broker - s0.mp.7377-1 - info
satd - s0.mp.7447-0 - info
logrcvr - s0.mp.7427-1 - info
sslmgr - s0.mp.7449-2 - info
varrcvr - s0.mp.7452-2 - info
authd - s0.mp.7353-0 - debug
snmpd - s0.mp.7567-0 - info
routed - s0.mp.7440-1 - info
unknown - s0.mp.7787-2 - warn
satd - s0.mp.7447-2 - info
unknown - s0.mp.8008-2 - warn
unknown - s0.mp.8007-2 - warn
unknown - s0.mp.8009-2 - warn
cord - s0.mp.7058-0 - info
devsrvr - s0.mp.7060-4 - info
md - s1.cp.1300-0 - info
ehmon - s1.cp.1321-0 - info
sysdagent - s1.cp.1323-0 - info
brdagent - s1.cp.1336-0 - info
md - s1.dp1.1394-0 - info
md - s1.dp2.1394-0 - info
sysdagent - s1.dp2.1425-0 - info
sysdagent - s1.dp1.1424-0 - info
md - s1.dp0.1394-0 - info
sysdagent - s1.dp0.1424-0 - info
fpp_cp - s1.cp.1406-0 - warn
mprelay - s1.cp.1404-11 - info
brdagent - s1.dp2.1451-0 - info
brdagent - s1.dp1.1450-0 - info
brdagent - s1.dp0.1450-0 - info
comm - s1.cp.1419-10 - error
dha - s1.dp0.1459-24 - info
dssd - s1.dp0.1460-24 - info
dssd - s1.dp2.1462-24 - info
fwcd - s1.dp2.1463-24 - info
dha - s1.dp2.1461-24 - info
tund - s1.dp2.1466-24 - info
fwcd - s1.dp0.1461-24 - info
bfd - s1.dp0.1456-24 - info
bfd - s1.dp2.1458-24 - info
tund - s1.dp0.1464-24 - info
mprelay - s1.dp2.1464-24 - info
mprelay - s1.dp0.1462-24 - info
fwcd - s1.dp1.1461-24 - info
dha - s1.dp1.1459-24 - info
tund - s1.dp1.1464-24 - info
bfd - s1.dp1.1456-24 - info
dssd - s1.dp1.1460-24 - info
sdwand - s1.dp0.1463-24 - info
mprelay - s1.dp1.1462-24 - info
sdwand - s1.dp2.1465-24 - info
sdwand - s1.dp1.1463-24 - info
cmd - s1.dp0.1457-24 - info
cmd - s1.dp2.1459-24 - info
comm - s1.dp0.1458-24 - error
comm - s1.dp2.1460-24 - error
cmd - s1.dp1.1457-24 - info
comm - s1.dp1.1458-24 - error
comm - s1.dp2.1460-35 - error
comm - s1.dp1.1458-35 - error
comm - s1.dp0.1458-35 - error
unknown - s0.mp.19080-2 - info
- Certain services (like ha_agent and authd) are configured by default with debug logging level. Others (like dnsproxy and web_backend) are configured by default with warn logging level.
- To restore the logging level to default the following command works on most of the services listed above:
> debug software logging-level set level default service all-services
Note: Some services (like management-server) are not restored to their default level using this command and for those you need to manually restore their log level back to default
> debug management-server on info
and
> debug routing global on infoto check the debug level use:
> debug management-server show management-server debug:info Features: > debug routing global show sw.routed.runtime.debug.level: info
Note: Depending on the running PAN-OS version, the general command that restores all services to their default log level might change the log level for the "management-server" and "routed" daemon to debug. Make sure to issue the individual commands for those two daemons to revert them to their default log level, which is info.
Additional Information
The logging level normal is equivalent to info: some daemons will show logging level normal in the individual "show" command but info in the general/global "show" command.
Process has been renamed. With PAN-OS 10.2 all instances of masterd in the CLI were replaced with md.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/changes-to-default-behavior/changes-to-default-behavior-in-pan-os-10-2
Also starting with 10.2.x , appweb3(ssl-vpn) daemon has been replaced with gpsvc daemon due to internal architectural process changes.
There is also another daemon introduced which is gp_broker which facilitates gpsvc communication with certain PAN-OS daemons.