This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

export ike debug to syslog

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

export ike debug to syslog

Go to solution
SeanHuff
L0 Member

‎04-07-2025 01:52 PM

Hello,

 

We are having an intermittent tunnel issue. We have debug turned on in the ike logs and when I view them on the box I see all the debug logs. However, these rollover pretty fast and if the issue occurs and no one logs in to pull the logs within an hour or so then they are gone. We have set up a syslog server and the palo is sending logs to the syslog, but the ike logs being sent are standard/vanilla and not debug. Is anyone aware of how to send the ike debug logs to the syslog so we can have those logged/saved in our syslog?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎04-07-2025 02:43 PM

@SeanHuff,

You're talking about the actual process logs (less mp-log ikemgr.log)? I don't believe that this functionality exists at all natively in any way. I would script an export ('scp export log-file management-plane to user@host:path'  ) and just have the script adjust the path for each hour that you run the export. Then when it happens again you can actually go back and review it.

View solution in original post

(1)
3 REPLIES 3

Go to solution
BPry
Cyber Elite
Cyber Elite

‎04-07-2025 02:43 PM

@SeanHuff,

You're talking about the actual process logs (less mp-log ikemgr.log)? I don't believe that this functionality exists at all natively in any way. I would script an export ('scp export log-file management-plane to user@host:path'  ) and just have the script adjust the path for each hour that you run the export. Then when it happens again you can actually go back and review it.

(1)

Go to solution
SeanHuff
L0 Member
In response to BPry

‎04-10-2025 01:19 PM

I have a script running that has the palo scp over logs. They are, unfortunately, a large tarball (~115mb). Is there a way to just target the ikemgr log file and not grab everything. I'm filling up my 100gig vm pretty quickly. 

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite

‎04-10-2025 01:23 PM

@SeanHuff,

Unfortunately, I don't believe that this functionality exists anymore. There used to be an option to export a single file, but modern PAN-OS forces you to grab the entire thing for some reason. 

0 Likes Likes
  • 1 accepted solution
  • 480 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks