542Predefined user rolesnetwork-adminUsage guidelinesThis command enables the device to output logs for the IPsec negotiation process.This command is available only in non-FIPS mode.Examples# Enable logging for IPsec negotiation. system-view[Sysname] ipsec logging negotiation enableipsec logging packet enableUse ipsec logging packet enable to enable logging for IPsec packets.Use undo ipsec logging packet enable to disable logging for IPsec packets.Syntaxipsec logging packet enableundo ipsec logging packet enableDefaultLogging for IPsec packets is disabled.ViewsSystem viewPredefined user rolesnetwork-adminUsage guidelinesAfter logging for IPsec packets is enabled, the device outputs a log when an IPsec packet isdiscarded. IPsec packets might be discarded due to lack of inbound SA, AH/ESP authenticationfailure, or ESP encryption failure. A log contains the source and destination IP addresses, SPI, andsequence number of the packet, and the reason it was discarded.Examples# Enable logging for IPsec packets. system-view[Sysname] ipsec logging packet enableipsec { ipv6-policy | policy }Use ipsec { ipv6-policy | policy } to create an IPsec policy entry and enter its view, or enter the viewof an existing IPsec policy entry.Use undo ipsec { ipv6-policy | policy } to delete the specified IPsec policy.Syntaxipsec { ipv6-policy | policy } policy-name seq-number [ gdoi | isakmp | manual ]undo ipsec { ipv6-policy | policy } policy-name [ seq-number ]