Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2626
Views
5
Helpful
7
Replies

Any way to have ASA "debug" commands stay on?

Go to solution
thomasdzubin
Level 1
Level 1

‎03-18-2008 01:40 PM - edited ‎03-11-2019 05:19 AM

ASA v8.03: I've noticed that if I turn on various debug commands (eg: "debug crypto isakmp sa"), they seem to be automatically turned off when I exit my SSH session. Is there any way to keep them persistent between sessions? Cisco routers (IOS) keep debug settings after I exit.

Basically I'm looking for a rare occurrence in my debug logs, but I don't want to stay logged in all the time.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
abinjola
Cisco Employee
Cisco Employee

‎03-24-2008 02:29 PM

send them to your log server

log debug-trace

View solution in original post

7 Replies 7

Go to solution
tstanik
Level 5
Level 5

‎03-24-2008 02:24 PM

This is not possible since a command is run for that specific instance of the SSH session. When the session is terminated the command is also terminated.

0 Helpful

Go to solution
thomasdzubin
Level 1
Level 1
In response to tstanik

‎03-24-2008 02:44 PM

I just find it odd that I can SSH into a *router* (IOS) and the debug stays on even when I terminate the SSH session. Yeah, I know the PIX/ASA firewalls and IOS routers are different products that work different, but it would be nice to have debug consistency

0 Helpful

Go to solution
abinjola
Cisco Employee
Cisco Employee

‎03-24-2008 02:29 PM

send them to your log server

log debug-trace

Go to solution
thomasdzubin
Level 1
Level 1
In response to abinjola

‎03-24-2008 02:45 PM

Yes, that's what I finally ended up doing. Thanks

0 Helpful

Go to solution
malkhati
Cisco Employee
Cisco Employee
In response to abinjola

‎07-28-2020 03:07 PM

We have to use the command "logging debug-trace persistent" and then input the debugs we want to run, because if we had the debugs applied before that command, those debugs will not persist after ending the session.

To confirm that you debugs will remain after ending the session , use the command "show debug" and look for the "persistent" keyword , as the below example :

debug aaa shim enabled at level 255
debug aaa shim enabled at level 255 (persistent)
debug webvpn enabled at level 255
debug webvpn enabled at level 255 (persistent)
debug webvpn xml enabled at level 255
debug webvpn xml enabled at level 255 (persistent)
debug webvpn anyconnect enabled at level 255
debug webvpn anyconnect enabled at level 255 (persistent)

0 Helpful

Go to solution
lukasl1991
Level 1
Level 1
In response to malkhati

‎02-29-2024 07:29 AM

Unfortunately, the persistent debug doesn't work in 9.9(2)80 anymore. logging debug-trace persistent is quite useless when all debuggers won't. Do you have information on that?

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to lukasl1991

‎02-29-2024 08:05 AM

This old post 

Make new one it is better 

MHM

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card