06-17-2021 07:26 AM
I am wondering if there is any way we can check all the enabled debugging on Palo Alto firewall.
06-17-2021 07:59 AM
Please describe the use case of enabling all debugging. This may degrade efficiency of the firewall, yet I think your query is interesting. Please provide detail/context.
06-17-2021 08:16 AM
I could not agree more what Steve said.. When you turn on ALL debugging, you run a risk of actually dropping or loosing traffic due to the load that is being placed on the machine/system. And this has even caused outages in the past.. to the point where a lot of the Debugging information has been removed from LIVE, and it is difficult to find it because of that reason.
So, I echo.. tell us what exactly is going on and we may be able to help out.
06-17-2021 09:28 AM
Well I don't want to disable ALL debugging. I saw recent increase in CPU and Memory utilization. So I am curious if there is way we can check if there is any type of debugging enabled, something like show debugs
06-17-2021 08:32 PM
I don't believe that there's a way to view logging levels at a system level. All of the logging levels that you can adjust will have a 'show' option to display the current log level, but I don't believe there's a "global" way of looking at every single log level.
10-22-2021 08:31 PM
this is a a somewhat essential feature and lame that its not available. i understand what the OP wants. in cisco-land you can type "no debug all" to disable any trace of debug left by another user or to quickly kill all debugging. additionally, you can type "show debug" to see all levels of debug that are enabled. PAN firewall desperately needs this feature!
10-23-2021 04:20 AM
Oh, well if that is what they wanted, then they are simply needing this:
debug software logging-level show level service all-services
and to bring the levels back to default
debug software logging-level set level default service all-services
10-25-2021 09:11 AM
10-25-2021 03:06 PM
@anon4all It was as you suggested... turn on whatever you want and the 2nd command will bring them all back to whatever the default settings are, without knowing which debugs are turned on.
05-18-2022 10:26 AM
For reference you can run the command below on firewalls.
>debug software logging-level show level service all-services
This will allow yo to see "all-services" and the debug level currently turned on for them.
You can of course look at specific services by running
>debug software logging-level show level service .....AND now hit TAB to get presented the services you can then choose.
To set all to default level run the following
> debug software logging-level set level default service all-services
This does not work on Panorama.
03-06-2023 11:58 PM
@aggarwat was asking about displaying the running debug similar to "show debug" and disabling all running debug such as "undebug all" it seems that PANOS doesnt have similar commands.
debug software logging-level show level service all-services, seems to display the SERVICE GLOBAL Logging level, but it doesn't show feature specific debugs. For example if we enable this debug "debug ike gateway extranet-ike-gateway on debug" the "debug software logging-level show level service ikemgr" will show level info. But if we enable this debug "debug ike global on debug", "debug software logging-level show level service ikemgr" will show level debug. Is there even a way to verify the status of a specific debug such as "debug ike gateway extranet-ike-gateway"
Regards,
Wafik
03-30-2023 03:40 PM
Any answers here. I have been troubleshooting over the last few months and really want a command that will show me if I have any debugs still active. Panorama and Firewalls.
09-13-2023 06:29 AM
To show:
>debug software logging-level show level service all-services
To reset all to default:
>debug software logging-level set level default service all-services
09-13-2023 07:12 AM - edited 09-13-2023 07:15 AM
As when you were running the command initially from the CLI, you can TAB through the options on a specific command sequence. If you were to run >debug ike global ...and then TAB you will see the options below.
admin@Lab_PA-3250> debug ike global
> off ....Turn off ikemgr debug logging
> on ....Turn on ikemgr debug logging
> show ....show ikemgr debug logging
Some commands you will need to validate within the specific command sequence. This can always be validated by using the contextual assistance in the CLI.
12-19-2023 01:34 PM
Thank you Mhuddleston! Much appreciated!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
