Exam 156-586 topic 1 question 14 discussion

Answer is C

In Check Point firewalls, the fw ctl zdebug command is used for kernel debugging, and sometimes messages can be lost if the buffer is too small to hold all the data. To resolve this, you can increase the debug buffer size by using the -buf parameter. The command: fw ctl zdebug -buf 32768 will increase the buffer size to 32,768 KB, allowing more data to be captured before messages are lost.

zdebug o debug dont support -o flag and you never will point to a dest file with "./"

zdebug o debug dont support -o flag and you never will point to a dest file with "./"

You cannot redirect output to a file using -o

IN this situation u can only encrease buf but only at debug not at zdebug

You cannot set buffer with zdebug, but you can redirect output to a file

zdebug o debug dont support -o flag and you never will point to a dest file with "./"

Correct answer is C. Options A and D are incorrect because fw ctl zdebug does not support a -buf parameter to increase the buffer size.

R81.20 CCTE study guide: page 234: fw ctl zdebug only allocates 1024K for the buffer. page 273: fw ctl debug if more control is needed. That eliminates C and D Answer A is correct for setting the the buffer for a debug session. Answer B is correct for redirecting the output to a file. I think the answer they're looking for is B, since genereal advice is to redirect output to a file for further investigation if necessary.

At first I was thinking C, but to output to a file the command is: fw ctl zdebug > /var/log/tmp/fw_ctl_zdebug_drop.txt therefore C and by extension B cannot be correct and D cannot be correct as you cannot adjust the buffer in zdebug as it's fixed to 1024, therefore A is the only possible answer.

zdebug does not allow the user to allocate a buffer. It automatically enables a 1MB buffer. So, this makes option A and D invalid. The only option is to save all information into a file.