Enabling logging for IPsec packets

About IPsec packet logging

Perform this task to enable logging for IPsec packets that are discarded for reasons such as IPsec SA lookup failure, AH-ESP authentication failure, and ESP encryption failure. The log information includes the source and destination IP addresses, SPI value, and sequence number of a discarded IPsec packet, and the reason for the discard.

Procedure

  1. Enter system view.

    system-view

  2. Enable logging for IPsec packets.

    ipsec logging packet enable

    By default, logging for IPsec packets is disabled.
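Once logging is enabled, the discard records can be grouped by peer, SPI and reason to separate a persistent problem (for example a mismatched authentication key or an expired SA on one tunnel) from isolated drops. The following is an added example, not vendor code: the key=value line layout, the `PATTERN` regex, the `summarize` function and the sample records are assumptions constructed for illustration, and only the field set (source and destination IP addresses, SPI, sequence number, reason) comes from the description above.

```python
import re
from collections import defaultdict

# Assumed line layout for this example only. It is NOT the device's real log
# format; adapt PATTERN to the lines your log host actually receives.
PATTERN = re.compile(
    r'src=(?P<src>\S+) dst=(?P<dst>\S+) spi=(?P<spi>0x[0-9a-fA-F]+) '
    r'seq=(?P<seq>\d+) reason="(?P<reason>[^"]+)"'
)

# Constructed sample records (documentation address ranges, made-up SPIs).
SAMPLE_LINES = [
    'src=198.51.100.7 dst=192.0.2.1 spi=0x1A2B3C4D seq=101 reason="AH-ESP authentication failure"',
    'src=198.51.100.7 dst=192.0.2.1 spi=0x1a2b3c4d seq=102 reason="AH-ESP authentication failure"',
    'src=203.0.113.9 dst=192.0.2.1 spi=0x00000abc seq=7 reason="IPsec SA lookup failure"',
    'src=198.51.100.7 dst=192.0.2.1 spi=0x1a2b3c4d seq=103 reason="AH-ESP authentication failure"',
    'link up on interface (unrelated line)',
]


def summarize(lines, threshold=3):
    """Group discards by (src, dst, SPI, reason).

    Returns (findings, skipped): findings are the groups with at least
    `threshold` discards, largest first; skipped counts unparsable lines.
    """
    groups = defaultdict(list)
    skipped = 0
    for line in lines:
        m = PATTERN.search(line)
        if m is None:
            skipped += 1  # malformed or unrelated line, counted but not fatal
            continue
        key = (m["src"], m["dst"], m["spi"].lower(), m["reason"])
        groups[key].append(int(m["seq"]))
    findings = [
        {"src": k[0], "dst": k[1], "spi": k[2], "reason": k[3],
         "count": len(seqs), "seq_min": min(seqs), "seq_max": max(seqs)}
        for k, seqs in groups.items() if len(seqs) >= threshold
    ]
    findings.sort(key=lambda f: (-f["count"], f["src"]))
    return findings, skipped


if __name__ == "__main__":
    found, skipped = summarize(SAMPLE_LINES)
    for f in found:
        print(f"{f['count']}x {f['reason']}: {f['src']} -> {f['dst']} "
              f"SPI {f['spi']} seq {f['seq_min']}-{f['seq_max']}")
    print(f"skipped {skipped} unparsable line(s)")
```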