This article describes how to enable or disable the display of high-priority kernel debug messages (such as kernel panic backtraces) on the console.
The kernel's printk level was raised on the system to ensure that kernel panic dumps are always visible on the console.
That change, in combination with the SNAT code using an improper printk level, causes SNAT output to be visible on the console when it should not be.
For example, the ippool log message is repeated continuously after one successful ping. The large volume of debug messages exhausts system CPU and memory resources, and the system does not operate properly.
Proxy# execute ping 172.20.10.1
PING 172.20.10.1 (172.20.10.1): 56 data bytes
64 bytes from 172.20.10.1: icmp_seq=4 ttl=255 time=1534.4 ms
[ 140.450697] id 1 pool count 1 ip count 7
[ 140.450710] start 0xac140adf count 7
[ 140.507023] id 1 pool count 1 ip count 7
[ 140.522452] id 1 pool count 1 ip count 7
[ 140.553971] start 0xac140adf count 7
[ 140.600870] start 0xac140adf count 7
[ 140.694785] id 1 pool count 1 ip count 7
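To confirm this symptom in a saved console capture, the following added example (not part of the original article and not a Fortinet tool) flags kernel messages that repeat in quick succession. The function name, the thresholds, and the embedded sample (copied from the output above) are assumptions for illustration.

```python
import re
from collections import defaultdict

# Kernel console line format: "[ 140.450697] message text"
KMSG = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*\S)\s*$")

# Constructed sample: the console output shown in this article.
SAMPLE = """\
Proxy# execute ping 172.20.10.1
PING 172.20.10.1 (172.20.10.1): 56 data bytes
64 bytes from 172.20.10.1: icmp_seq=4 ttl=255 time=1534.4 ms
[ 140.450697] id 1 pool count 1 ip count 7
[ 140.450710] start 0xac140adf count 7
[ 140.507023] id 1 pool count 1 ip count 7
[ 140.522452] id 1 pool count 1 ip count 7
[ 140.553971] start 0xac140adf count 7
[ 140.600870] start 0xac140adf count 7
[ 140.694785] id 1 pool count 1 ip count 7
"""

def find_floods(text, min_repeats=3, window=1.0):
    """Return {message: peak} for kernel messages seen at least
    min_repeats times inside any `window`-second span (assumed thresholds)."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = KMSG.match(line.strip())
        if m:  # CLI prompts and ping replies do not match and are skipped
            seen[m.group(2)].append(float(m.group(1)))
    floods = {}
    for msg, stamps in seen.items():
        stamps.sort()
        peak, lo = 0, 0
        # Sliding window over the kernel timestamps of this message
        for hi, ts in enumerate(stamps):
            while ts - stamps[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= min_repeats:
            floods[msg] = peak
    return floods

if __name__ == "__main__":
    for msg, peak in sorted(find_floods(SAMPLE).items()):
        print(f"{peak} repeats within 1.0 s: {msg}")
```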
FortiProxy v7.0.11 and above.
This new CLI command was added in version 7.0.11 and enables or disables kernel debug messages on the console.
To prevent unnecessary kernel messages from appearing, the CLI command below has been added in 7.0.11 and later and can be set to enable or disable.
config system global
set kernel-panic-debug enable/disable
end
Copyright 2024 Fortinet, Inc. All Rights Reserved.