Reset Search



KB22509 - What server side logs will be required when I open a Network Connect (NC) or Pulse client case?

« Go Back


Last Modified Date12/11/2015 12:20 AM

The procedure outlined in this article describes the process of enabling and collecting the required server-side log files which are required by Pulse Secure support teams in order to troubleshoot client VPN issues. Pulse Secure Desktop Client combines the features of Odyssey Access Client for LAN access and Network Connect remote access. Users of mobile devices (smartphones) can also use the Pulse Secure Mobile Client for secure connectivity to a Pulse Connect Secure appliance. In this case, please note that any and all references made to the Pulse Secure Desktop Client (Pulse) within the contents of this article specifically refer to the feature which allows for a Layer 3 VPN connection to the Pulse Connect Secure (PCS) appliance on a Windows desktop.

Problem or Goal

The required server side logs for troubleshooting Network Connect or Pulse Secure Desktop Client VPN issues.



Please ensure that you have enabled the corresponding client side logs (See KB9218) before proceeding further with the steps below.


STEP 1:  Enable client side logging on the PCS.
If you do not enable client side logging on the PCS, then the corresponding client log files described in KB9218 will not be generated for Network Connect or Pulse. Client-side logging is useful for debugging problems with a Pulse Connect Secure or Pulse Policy Secure appliance client-side feature such as Pulse. When you enable logging for VPN Tunneling, the appliance writes a log to any client computer that uses the feature. These settings are global, which means that the appliance writes a log file to all clients that use the enabled feature. The appliance then appends to the log file each time the feature is invoked during subsequent user sessions. Please note that logging on the client will be automatically enabled at level 3.

To enable Client-Side logging:
  1. In the Admin Console choose System > Log/Monitoring > Client Side Logs > Settings
  2. Select VPN Tunneling
  3. Select Save Changes

    Screenshot for options at System>Log/Monitoring>Client Logs>Settings

STEP 2:  Enable Debug Log
The server-side debug logging feature may increase overall system load, so we ask that you enable this option only if the following criterion is met:
  • Pulse Secure support has confirmed that debug logging should be enabled.
Debug logs are particularly important in the event of a problem. You will need to set the debug log at a certain level and add the events list as directed below. The debug log and the system configuration should be included in the system snapshot (not enabled by default). The debug log is an encrypted file that cannot be viewed until the decryption process is handled by the Pulse Secure support team.

To enable Debug log:
  1. In the Admin Console choose Maintenance > Troubleshooting > Monitoring > Debug Log
  2. Select Debug Logging On
  3. Set Max Debug Log Size to 50, Debug Log Detail Level to 30, and Event Codes to ipsec,dhcp,dsagentd,ifttls,SBR,sbr (Comma separated, no spaces)
  4. Select Save Changes
User-added image

STEP 3:  Enable TCP Dump on the PCS/PPS
TCP Dump is a packet sniffer which is the built-in to the Pulse Connect Secure & Pulse Policy Secure appliances. This packet capture will be required by Pulse Secure support in order to validate the traffic pattern(s) and behavior on the local network of the appliance.

To enable TCP Dump:
  1. In the Admin Console choose Maintenance > Troubleshooting > Tools > TCP Dump
  2. Make sure that Promiscuous mode is turned on, and that you are sniffing on the Internal Port and External Port (if enabled).
  3. Select Start Sniffing
Note: If you have a large number of users logged in, please create a filter for the assigned VPN Tunneling IP and the source IP of the client. Example: host X.X.X.X or host X.X.X.X. If you are unsure what the VPN tunnel IP and WAN IP of the client will be, then you can log into the appliance from the client in order to obtain this information from the User Access Log.

Unless there are fewer IP addresses than the number of VPN Tunneling users, the user is not getting mapped to the same roles, or the user has not used a VPN tunnel in the last 24 hours then the user will receive the same IP that was assigned during the last connection.

STEP 4:  Recreate the issue

STEP 5: Turn off TCP Dump and Save the capture.
To turn off TCP Dump and save the captured data:
  1. In the Admin Console choose Maintenance > Troubleshooting > Tools > TCP Dump
  2. Select Stop Sniffing
  3. Under the Dump file section choose Raw from the drop down, then select Get to save the file as ive-<date>-<time>.dmp

STEP 6:  Turn off Debug log and take System Snapshot
With this option enabled, the PCS/PPS runs various utilities to gather details on the system state, such as the amount of memory in use, paging performance, the number of processes running, system uptime, the number of open file descriptors, ports in use, and FIPS log messages. The debug log and the system configuration should be included in the system snapshot. The system snapshot and debug log is encrypted and cannot be viewed outside Pulse Secure.

To take system snapshot, turn off debug log, and save the snapshot (which includes the debug log):
  1. In the Admin Console choose Maintenance > Troubleshooting > Monitoring > Debug
  2. Uncheck Debug Logging On
  3. Select Save Changes
  4. Go to Maintenance > Troubleshooting > System Snapshot
  5. Check Include system config and Include debug log
  6. Select Save Changes
  7. Select Take Snapshot
  8. Select <Snapshot-File-Name> to save the file as PulseSecure-state-admin-<date>-<time>

STEP 7:  Collect User Access Log, Event Log, and Administrator Access Log
Collect all the logs at one time:
  1. In the Admin Console choose System > Log/Monitoring > User Access
  2. Select Save All Logs to save all three log files as pulsesecurelogs-graphs.tar.gz

Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255