Tracing IPsec Operations
Trace operations track IPsec events and record them in a log file in the /var/log directory. By default, this file is named /var/log/kmd.
To trace IPsec operations, include the traceoptions statement at the [edit services ipsec-vpn] hierarchy level:
You can specify the following IPsec tracing flags:
certificates—Trace certificates events.
database—Trace security associations database events.
general—Trace general events.
ike—Trace IKE module processing.
parse—Trace configuration processing.
policy-manager—Trace policy manager processing.
routing-socket—Trace routing socket messages.
snmp—Trace SNMP operations.
timer—Trace internal timer events.
The level statement sets the key management process (kmd) tracing level. The following values are supported:
all—Match all levels.
error—Match error conditions.
info–Match informational messages.
notice—Match conditions that should be handled specially.
verbose—Match verbose messages.
warning—Match warning messages.