Enabling logging of IPsec packets

Perform this task to enable the logging of IPsec packets that are discarded because of reasons such as IPsec SA lookup failure, AH-ESP authentication failure, and ESP encryption failure. The log information includes the source and destination IP addresses, SPI value, and sequence number of a discarded IPsec packet, and the reason for the discard.

To enable the logging of IPsec packets:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable the logging of IPsec packets.

ipsec logging packet enable

By default, the logging of IPsec packets is disabled.