Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Tracing IPsec Operations


Trace operations track IPsec events and record them in a log file in the /var/log directory. By default, this file is named /var/log/kmd.

To trace IPsec operations, include the traceoptions statement at the [edit services ipsec-vpn] hierarchy level:

You can specify the following IPsec tracing flags:

  • all—Trace everything.

  • certificates—Trace certificates events.

  • database—Trace security associations database events.

  • general—Trace general events.

  • ike—Trace IKE module processing.

  • parse—Trace configuration processing.

  • policy-manager—Trace policy manager processing.

  • routing-socket—Trace routing socket messages.

  • snmp—Trace SNMP operations.

  • timer—Trace internal timer events.

The level statement sets the key management process (kmd) tracing level. The following values are supported:

  • all—Match all levels.

  • error—Match error conditions.

  • info–Match informational messages.

  • notice—Match conditions that should be handled specially.

  • verbose—Match verbose messages.

  • warning—Match warning messages.