msingh_FTNT
Staff
Article Id 230186
Description This article lists helpful debug commands to use when the SSL VPN daemon (sslvpnd) frequently crashes or consumes high CPU.
Scope FortiGate versions 6.4, 7.0 and 7.2.
Solution

Collect the debugs as described below, running a catch-all sslvpnd debug until the problem happens.

This makes it possible to find out what the last action was before sslvpnd ran into a problem.

 

PART 1: To capture the SSL VPN debugs


Make sure to start this before the problem happens.

If a problem (high CPU or crash) has already happened, kill the daemon so that it starts fresh:

 

 diag debug console timestamp enable
 fnsysctl date
 diag vpn ssl debug-filter clear
 diag vpn ssl debug-filter list
 diag debug duration 0
 diag debug app sslvpn -1
 diag debug info
 diag debug enable
 diag sys top 60 <----- Collect output SSL VPN debug log.

 

PART 2: To check the system running stat:

 

 diag debug crashlog read
 diag debug crashlog clear <----- Only run these two commands at the very beginning.

 

Use a script to run the commands below every 5-10 minutes:

 

 diag debug enable
 diag debug console timestamp enable
 fnsysctl date
 get vpn ssl monitor <----- Run this for all VDOMs that have SSL VPN running.
 diag vpn ssl list <----- Run this for all VDOMs that have SSL VPN running.
 get sys perf status
 diag sys session stat
 diag sys top 2 30 5
 diag sys mpstat 2 5

 

Collect all these logs until the problem happens.
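One way to script the periodic collection above from an admin workstation. This is an added example, not a Fortinet-provided script. It assumes key-based SSH admin access and that the FortiGate CLI accepts the commands on standard input; `FGT_TARGET`, `INTERVAL`, `OUTDIR` and `FGT_SSH` are made-up names, and the address is a placeholder.

```shell
#!/bin/sh
# Added example (not Fortinet's script): run the PART 2 batch every INTERVAL
# seconds and keep one timestamped file per run.
# Assumptions: key-based SSH login, CLI commands accepted on stdin.
# On multi-VDOM units the two SSL VPN commands must be run in every VDOM
# that has SSL VPN running (see the article's note); not handled here.

FGT_TARGET="${FGT_TARGET:-admin@192.0.2.1}"   # placeholder address
INTERVAL="${INTERVAL:-300}"                   # 5 min, within the 5-10 min range
OUTDIR="${OUTDIR:-./sslvpnd-stats}"
FGT_SSH="${FGT_SSH:-ssh -T -o BatchMode=yes $FGT_TARGET}"

# The PART 2 commands, as listed in the article.
part2_batch() {
    cat <<'EOF'
diag debug enable
diag debug console timestamp enable
fnsysctl date
get vpn ssl monitor
diag vpn ssl list
get sys perf status
diag sys session stat
diag sys top 2 30 5
diag sys mpstat 2 5
EOF
}

# Run the batch once and print the path of the file that was written.
collect_once() {
    umask 077                      # output lists VPN users and source IPs
    mkdir -p "$OUTDIR" || return 1
    out="$OUTDIR/stats-$(date -u +%Y%m%dT%H%M%SZ).log"
    # $FGT_SSH is intentionally unquoted so its options split into words.
    part2_batch | $FGT_SSH > "$out" 2>&1
    rc=$?
    echo "$out"
    return "$rc"
}

# Start the loop only when asked: sh collect.sh run
if [ "${1:-}" = "run" ]; then
    while :; do
        collect_once >/dev/null || echo "collection failed at $(date -u)" >&2
        sleep "$INTERVAL"
    done
fi
```

Stop the loop once the problem has occurred; the last few files then show the state just before it.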

After the problem happens, run 'diag debug crashlog read' to get the fresh crashlog.

 

If possible, use these steps to capture the problem 2-3 times.

Then compare whether the last action is similar across the different occurrences.

 

TAC can be contacted if assistance is required with capturing the debugs or running a script.