Over the past few months, I’ve found myself having to troubleshoot a variety of DNS and VPN-related issues that a small subset of our users have encountered. These kinds of issues can be caused by all sorts of reasons: network configuration, DNS resolvers, the VPN connection and its configuration, third-party clients, updates to macOS, etc. Working from home makes it even more difficult to determine what the cause might be. The goal of this post is in a way to help future me but also to share what I’ve learned in the process in terms of troubleshooting these kinds of networking issues.

There should be a series of questions that you ask the end user having the problem, which are not limited to but should include:

- Have you recently installed any software?
- If you go to the Apple menu > System Preferences > Network, can you confirm the active connections (with a green dot) and the order in which they appear?
- Are you experiencing the problem on a wired connection?
- Are you experiencing the problem on a wireless connection?
- Are you experiencing the problem on a personal hotspot connection?
- Are you experiencing the problem on a completely different network (e.g. a friend’s house, at home, in the office, etc.)?
- Does the problem occur after you’ve left the computer idle for some time?
- Do you have dates/times for when the problem occurred?
- Are you using any VPN connection when this problem occurs?
- Have you noticed a pattern as to when the problem occurs?
- Does the problem occur if X software is disabled/uninstalled?

Some of those questions you may easily be able to answer yourself through your own management tools. Additionally, some of these questions the user may have already answered when they reached out for assistance. The questions above give you a bit of context as to how the problem manifests. However, it may not be sufficient to reach a resolution. It’s important to gather logs to at least start looking at what could be causing the problem. Ideally, the user provides some timestamps to make looking at the logs a little easier.

However, what are these “logs” that we’re supposed to be looking at? You will first want to look at logs generated by the OS itself. I won’t go into the history, but will instead reference a few good resources that have helped me understand things a bit better as it pertains to the unified log system:

If you look at the man page for the log command, it can be quite overwhelming at first glance. They do provide a few examples which I do think are helpful for how you can combine different expressions under the -predicate filter option. But the page alone isn’t sufficient, which is why the above blog posts are really handy.

Once you have an idea of how to use the log command, you need to then know what to look for. For this part of the process, I had some assistance from the third-party Cisco Umbrella Diagnostic Tool. It captures quite a decent amount of information.

    /bin/sh -c /usr/bin/tail -n 15000 /var/log/system.log | /usr/bin/egrep -i "kernel|launchd|vpn|dns|configd|racoon|umbrella"

This command will go through the last 1500 lines in the system.log and only show lines which match any of the phrases separated by “|”. One of the first things I noticed is that not as much is written as one would expect in /var/log/system.log. Obviously, this is problematic if we’re looking for information. However, the commands do provide a little bit of clarity as to what processes or terms we want to look for. Combined with the knowledge that you need to really look at the log stream, I went to work on writing a lengthy one line command that I could then run to capture relevant information that the system has logged.

The Logs Commands

Before I get to the one line of code, I’d like to walk you through the process on how I got there.

First off, it’s important to understand that I’m asking users to run this and it’s much easier to write the log to a common location which I’ve simply chosen: /Users/Shared/system-dns-logstream.log. You can obviously write out the log to any other location. Secondly, the log command can be very verbose and depending on the predicate filter, the resulting log file might be too large. For that reason, you’ll notice I use -last 8h which references the fact that I want only the last 8 hours of logged information to be shown. You can modify it accordingly if you want 48h (for 2 days) or 10m (for minutes) depending on how far back you need to look.

To look at anything logged by the Network Extension framework subsystem run this command.

“racoon” is traditionally the VPN process in macOS that you’d want to look for in logs.
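The system.log keyword filter quoted above, extended so that the date and time a user reports narrow the output and the matches are counted per process. This is an added example, not a command from the original post or from the Cisco tool; the function names and the sample log lines are constructed, and it assumes the classic "Mon DD HH:MM:SS host process[pid]: message" layout of /var/log/system.log.

```shell
# Keyword list taken from the egrep pattern quoted in the post.
KEYWORDS='kernel|launchd|vpn|dns|configd|racoon|umbrella'

# triage_log FILE MON DAY FROM TO
#   Prints lines from one calendar day (e.g. Mar 4) whose time lies between
#   FROM and TO (HH:MM:SS) and which match a keyword, case-insensitively.
triage_log() {
    awk -v pat="$KEYWORDS" -v mon="$2" -v day="$3" -v from="$4" -v to="$5" '
        # Fields: $1=month $2=day $3=time $4=host $5=process[pid]:
        $1 == mon && $2 == day && ($3 "") >= (from "") && ($3 "") <= (to "") &&
        tolower($0) ~ pat { print }
    ' "$1"
}

# count_by_process FILE MON DAY FROM TO
#   Same filter, summarised as "count process", busiest process first.
count_by_process() {
    triage_log "$@" | awk '
        { p = $5; sub(/\[.*/, "", p); sub(/:$/, "", p); n[p]++ }
        END { for (p in n) print n[p], p }
    ' | sort -rn
}

# Constructed sample input (not real log output) for trying the functions.
sample_log() {
    cat <<'EOF'
Mar  4 09:58:12 mbp configd[112]: constructed message A
Mar  4 10:02:41 mbp racoon[4410]: constructed message B
Mar  4 10:02:45 mbp racoon[4410]: constructed message C
Mar  4 10:03:07 mbp mDNSResponder[201]: constructed message D
Mar  4 10:05:30 mbp Finder[733]: constructed message E
Mar  4 11:30:00 mbp kernel[0]: constructed message F
Mar  5 10:02:50 mbp racoon[5001]: constructed message G
EOF
}
```

To try it, write the sample to a file with sample_log > /tmp/sample.log and run count_by_process /tmp/sample.log Mar 4 10:00:00 10:10:00.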