SRX

Expand all | Collapse all

Junos Hidden Commands

Elevate07-17-2012 10:25

Elevate07-17-2012 20:04

Elevate02-25-2014 23:06

  • 1.  Junos Hidden Commands

    Posted 07-17-2012 08:46

    Hi,

    This was talked about before and was supposed to be a sticky at the top of the forum for everyone to participate in.  Thought I'd start it off. 

     

    Something I like for VPN debugging, which enables logging to the KMD log by default without the need to commit!

     

    user@srx>request security ike debug-enable local <ip-address> remote <ip-address> level <level>

     and to turn off:

     

    user@srx>request security ike debug-disable

     



  • 2.  RE: Junos Hidden Commands

    Posted 07-17-2012 10:25

    I floated the topic


    #Doods


  • 3.  RE: Junos Hidden Commands

    Posted 07-17-2012 20:04
    thanks for sharing


  • 4.  RE: Junos Hidden Commands

     
    Posted 07-18-2012 00:03
    The request security ike debug-enable is all good for branch, but for high-end, it's a lot more tedious.
    http://kb.juniper.net/InfoCenter/index?page=content&id=KB19943


  • 5.  RE: Junos Hidden Commands

    Posted 07-18-2012 02:16

    Another usefull one for taking a tcpdump of an interface to analyze with Wireshark or similar.

     

    user@srx>monitor traffic interface ge-0/0/1.0 write-file test.pcap

     Can be viewed on the SRX also:

     

    user@srx>monitor traffic read-file test.pcap

     

     

     



  • 6.  RE: Junos Hidden Commands

     
    Posted 07-18-2012 03:47

    Hi

     

    Some more hidden commands:

     

    To see default config settings

     

    lab@srx240# show groups junos-defaults

     To see some system limits (not really hidden, but anyway):

     

    show log nsd_chk_only

     

    To see currently working Junos applications definitions

     

    request pfe execute command "show usp app-def tcp" target fwdd
    request pfe execute command "show usp app-def udp" target fwdd

     And last but not the least,

     

    lab@srx240# commit full

     to make all daemons re-read the configuration.

     

     



  • 7.  RE: Junos Hidden Commands

     
    Posted 08-16-2012 01:19

    May be not so useful, but there are some hidden aliases for comands, e.g. you can use

     

    lab@srx> show security ike sa           
    lab@srx> show security ipsec sa

     

    (sa instead of security-associations).



  • 8.  RE: Junos Hidden Commands

    Posted 02-06-2013 22:35

    Nice. also to add to it,

    if your commit is taking a long time and you want to see where it is taking time, you can try:

     

    # commit |display detail

     

    (again , this is not a hidden command but still useful )

     



  • 9.  RE: Junos Hidden Commands

    Posted 02-17-2013 23:13

     

    Another good one is:

     

    root@SRX210H> start shell pfe network fwdd                              
    
    
    BSD platform (OCTEON processor, 416MB memory, 8192KB flash)
    
    FLOWD_OCTEON(SRX210H vty)# ?
        clear                 clear commands
        connect               connect to a remote TNP endpoint
        debug                 Debug commands
        diagnostic            diagnostic commands
        eth                   eth commands
        jsflib                jsf lib information
        pconnect              connect to a remote PIP endpoint
        peekbyte              display memory in bytes
        peeklong              display memory in 32bit longs
        peekword              display memory in 16bit words
        plugin                plugin information
        pty                   open a pty to a PIC
        quit                  quit TTY environment
        reboot                reboot hardware
        set                   set system parameters
        show                  show system information
        sleep                 pause for a few seconds
        test                  test commands
        undebug               Undebug commands
        vty                   open a vty to a remote TNP endpoint
    
    FLOWD_OCTEON(SRX210H vty)#    
    FLOWD_OCTEON(SRX210H vty)# show threads    
    PID PR State     Name                   Stack Use  Time (Last/Max/Total) cpu
    --- -- -------   ---------------------  ---------  ---------------------
      1 H  asleep    Maintenance           1320/73824  0/8/792 ms  0%
      2 L  running   Idle                  1600/73824  0/15/2839688 ms  0%
      3 H  asleep    Timer Services        1256/73824  0/8/33463 ms  0%
      5 L  asleep    Ukern Syslog           856/73824  0/0/0 ms  0%
      6 L  asleep    Sheaf Background      1120/73824  0/8/1360 ms  0%
      7 M  asleep    mac_db                 856/73824  0/0/0 ms  0%
      8 M  asleep    Docsis                1072/73824  0/8/17890 ms  0%
      9 M  asleep    ATMX                  1312/73824  0/8/46704 ms  0%
     10 M  asleep    XDSL                  1392/73824  0/15/2119765 ms  0%
     11 M  asleep    DSX50ms               1648/73824  0/8/209140 ms  0%
     12 M  asleep    DSXonesec             1264/73824  0/8/20366 ms  0%
     13 M  asleep    SFP                   1216/73824  0/8/32989 ms  0%
     14 M  asleep    Ethernet              2264/73824  0/16/6458174 ms  1%
     15 M  asleep    RSMON syslog thread    896/73824  0/8/227 ms  0%
     16 L  asleep    Syslog                1264/73824  0/8/192 ms  0%
    [...]
    
    FLOWD_OCTEON(SRX210H vty)# show threads 1971
    PID PR State     Name                   Stack Use  Time (Last/Max/Total) cpu
    --- -- -------   ---------------------  ---------  ---------------------
    1971 L  asleep    Cattle-Prod Daemon    3288/73824  0/0/0 ms  0%
    
    Wakeups:
          Type  ID  Enabled  Pending   Context
     Semaphore  00       No       No  0x489ab1e8
         Timer  00       No       No  0x489ab998
        Socket  00      Yes       No  0x4a33aa80
    
    Frame 00: sp = 0x4a336ba8, pc = 0x08014cb0
    Frame 01: sp = 0x4a336c20, pc = 0x0801b9b4
    Frame 02: sp = 0x4a336c58, pc = 0x08047db4
    Frame 03: sp = 0x4a336c88, pc = 0x08046cc0
    Frame 04: sp = 0x4a336ca8, pc = 0x08722374
    Frame 05: sp = 0x4a337130, pc = 0x0802b8ec
    Frame 06: sp = 0x4a337158, pc = 0x00002000
    
    FLOWD_OCTEON(SRX210H vty)# 

     

     



  • 10.  RE: Junos Hidden Commands

    Posted 02-20-2013 21:48

    Ideally, you should never see terms like 'ifd' and 'ifl' in the logs but if you do see them in logs which look something like:

    COSD_GENCFG_WRITE_FAILED: GENCFG write failed for Classifier to IFL 10. Reason: File exists

    (ifd refers to physical interface and ifl refers to logical interfaces. One ifd can have multiple ifls under it. )

    and you want to know which interface it is referring to, you can use the following hidden commands:

     

    cli> show interfaces ifl-index 10

     

    #In case it says ifd, you can use:

    cli> show interfaces ifd-index 10



  • 11.  RE: Junos Hidden Commands

     
    Posted 02-23-2013 12:13

    A command to log in to other node of SRX cluster

     

    {primary:node0}
    lab@E1> request routing-engine login ?
    Possible completions:
      <[Enter]>            Execute this command
      |                    Pipe through a command
    {primary:node0}
    lab@E1> request routing-engine login node 1 
    
    --- JUNOS 12.1R3.5 built 2012-08-09 07:05:23 UTC
    {secondary:node1}
    lab@E2> 

     



  • 12.  RE: Junos Hidden Commands

    Posted 02-27-2013 02:55

    commit full 



  • 13.  RE: Junos Hidden Commands

    Posted 03-15-2013 09:37

    Just to add a little bit more detail.

    Let say somehow you dont have the root login and still you want to capture output on PFE withough going to vty mode.

    Here is the way.

     

     

    admin@SRX210H>request pfe execute target fwdd command "show usp threads"<<<<Just add pfe commands in colun" ".



  • 14.  RE: Junos Hidden Commands

    Posted 07-18-2013 15:24

    I know this is an SRX thread, but I find this one useful all the time on an EX VC: 

     

    operate@Ray-20# run request rou                            
                                   ^
    syntax error.
    operate@Ray-20# run request routing-engine ?                 
    Possible completions:
      login                Allow login to one Routing Engine
    {master:0}[edit]
    operate@Ray-20# run request routing-engine login ?
    Possible completions:
      all-members          Log in to all virtual chassis members
      backup               Log in to backup RE
      local                Log in to local virtual chassis member
      master               Log in to master RE
      member               Log in to specific virtual chassis member (0..9)
      other-routing-engine  Log in to the other Routing Engine
      re0                  Log in to RE0
      re1                  Log in to RE1
    {master:0}[edit]
    operate@Ray-20#                             

     

     

     



  • 15.  RE: Junos Hidden Commands

    Posted 09-06-2013 03:47
     

    Junos contains default configurations in a hidden group named junos-defaults. To see them:

     

    user@srx>show configuration groups junos-defaults

    user@srx>show configuration groups junos-defaults applications



  • 16.  RE: Junos Hidden Commands

    Posted 03-14-2013 11:26

    good share

     



  • 17.  RE: Junos Hidden Commands

     
    Posted 07-18-2012 04:20

    Nice.  Another hidden command I find incredibly useful when troubleshooting is:

     

    bdale@gw210> show chassis cluster information ? 
    Possible completions:
      <[Enter]>            Execute this command
      coldsync             Display coldsync information
      command-history      Display command history
      control-link         Display control link information
      detail               Display all chassis cluster information
      fabric-link          Display fabric link information
      hardware-monitor     Display hardware monitoring information
      interface-monitor    Display interface monitoring information
      issu                 Display ISSU information
      loopback             Display loopback monitoring information
      redundancy-group     Display chassis cluster status per redundancy-group
      spu                  Display SPU information
      |                    Pipe through a command

     Not sure why it's hidden, but "detail" probably does the work of three or for commands in one go!



  • 18.  RE: Junos Hidden Commands

    Posted 07-21-2012 12:11

    Would like to add few more ...

     

       1. Web-management traceoptions -

     

    lab@host1-a# set system services web-management ?                     
    Possible completions:
    + apply-groups         Groups from which to inherit configuration data
    + apply-groups-except  Don't inherit configuration data from these groups
    > control              Control of the web management process
    > http                 Unencrypted HTTP connection settings
    > https                Encrypted HTTPS connections
      management-url       URL path for web management access
    > session              Session parameters
    
    [edit]
    lab@host1-a# set system services web-management traceoptions ?
    Possible completions:
    + apply-groups         Groups from which to inherit configuration data
    + apply-groups-except  Don't inherit configuration data from these groups
    > file                 Trace file information
    > flag                 Area of HTTPD process to enable debugging output
      level                Level of debugging output
      no-remote-trace      Disable remote tracing
    [edit]

     2. Disabling UTM process

     

    [edit]
    lab@host1-a# set system processes ut
                                        ^
    syntax error.
    edit]
    lab@host1-a# set system processes utmd disable 
    
    [edit]
    lab@host1-a# show | compare 
    [edit system]
    +   processes {
    +       utmd disable;
    +   }
    
    [edit]
    lab@host1-a# commit check 
    configuration check succeeds

     3.  ALG Configuration

     

    lab@host1-a# run show security alg configuration 
    ALG Activation List:
      DNS      : Activated
      FTP      : Activated
      H323     : Activated
      MGCP     : Activated
      REAL     : Activated
      RSH      : Activated
      RTSP     : Activated
      SCCP     : Activated
      SIP      : Activated
      SQL      : Activated
      TALK     : Activated
      TFTP     : Activated
      PPTP     : Activated
    
    DNS Configuration:
      Maximum Message Length               : 0
    
    FTP Configuration:
      FTP FTPS extension               : No
      Line Break extension:        : No
      Allow Mismatch IP Address:        : No
                                            
    H323 Configuration:
      Endpoint Registration Timeout        : 3600
      Media Source Port Any                : Off
      Application Screen
        Unknown Message NAT packets        : Deny
        Unknown Message Routed packets     : Deny
        Message Flood Gatekeeper Threshold : 1000
        DSCP Codepoint                     : 64
    
    MGCP Configuration:
      Inactive Media Timeout               : 120
      TransactionTimeout                   : 30
      Max Call Duration                    : 720
      Application Screen
        Unknown Message NAT packets        : Deny
        Unknown Message Routed packets     : Deny
        Message Flood Threshold            : 1000
        Connection Flood Threshold         : 200
        DSCP Codepoint                     : 64
    
    SCCP Configuration:
      Inactive Media Timeout               : 120
      Application Screen                    
        Unknown Message NAT packets        : Deny
        Unknown Message Routed packets     : Deny
        Call Flood Threshold               : 20
        DSCP Codepoint                     : 64
    
    SIP Configuration:
      Inactive Media Timeout               : 120
      Max Call Duration                    : 720
      T1 Interval                          : 500
      T4 Interval                          : 5
      C Timeout                            : 3
      DSCP Codepoint                       : 64
      Application Screen
        Unknown Message NAT packets        : Deny
        Unknown Message Routed packets     : Deny
        Protect Deny Timeout               : 5
        Protect Deny Destination IP List
    
    [edit]

     

     and  for fun ...

     

    [edit]
    lab@host1-a# run show version and haiku    
    Hostname: host1-a
    Model: srx240h-poe
    JUNOS Software Release [11.4R1.6]
    
    
            Look, mama, no hands!
            Only one finger typing.
            Easy: commit scripts.

     

     



  • 19.  RE: Junos Hidden Commands

    Posted 08-13-2012 11:55

    Can someone paste contents of KB19943

     



  • 20.  RE: Junos Hidden Commands

     
    Posted 08-16-2012 03:13

    To summarisr KB19943: How can I enable IKE traceoptions for only specific security associations?

     

    request security ike debug-enable local <local-ip> remote <remote-ip> level <numer>

     Where level 7 should be high enough for most useful logs



  • 21.  RE: Junos Hidden Commands

    Posted 10-14-2012 20:26

    This is awesome guys. Thanks a ton. loving learning it 



  • 22.  RE: Junos Hidden Commands

    Posted 10-14-2012 23:25
    show system and haiku 🙂


  • 23.  RE: Junos Hidden Commands

    Posted 01-13-2013 00:10

    Would be more usefull in HA,

     

    To enable or disable the vlan tagging/untagging in control link.

     

    Spoiler
    root@SRX# run set chassis cluster control-link-vlan ?
    Possible completions:
      disable              Disable control VLAN tag
      enable               Enable control VLAN tag
      reboot               Reboot the system after setting the identifiers
    [edit]
    root@SRX# run set chassis cluster control-link-vlan

     

     

     



  • 24.  RE: Junos Hidden Commands

    Posted 02-25-2014 23:06
      |   view attached

     

    summarry file 

     

    until 2014/02/26

    Attachment(s)



  • 25.  RE: Junos Hidden Commands

    Posted 12-05-2014 13:44

    request routing-engine login node  is not valid for high end SRX i guess it only works on Branch Devices.



  • 26.  RE: Junos Hidden Commands

    Posted 02-03-2015 02:23

    To login to other High-End node:

     

    {primary:node1}
    user@SRX-node1> start shell
    % rlogin -Jk -T node0

    --- JUNOS 12.1X44-D40.2 built 2014-08-28 12:48:56 UTC
    {secondary:node0}
    user@SRX-node0>



  • 27.  RE: Junos Hidden Commands

    Posted 02-23-2015 10:45

    I'm surprised nobody listed:

     

    request pfe execute target fwdd command "sh usp ipsec sa"
    restart ipsec-key-management

     



  • 28.  RE: Junos Hidden Commands

     
    Posted 04-16-2015 02:15

    Hi mflyger,

     

    These are not hidden.



  • 29.  RE: Junos Hidden Commands

    Posted 04-25-2015 11:44
    shows interfaces and indexes (not snmp!)

     

    mmalik@FW1> show pfe ?

    Possible completions:

      data                 Show Packet Forwarding Engine data

      fpc                  Show Flexible PIC Concentrator status and statistics

      fwdd                 Show forwarding process status and statistics

      next-hop             Show Packet Forwarding Engine next-hop information

      pfem                 Show pfem information

      route                Show Packet Forwarding Engine routing table

      statistics           Show Packet Forwarding Engine statistics

      terse                Show list of Packet Forwarding Engine components

      version              Show pfe version

    mmalik@FW1> show pfe interfaces

    ================ master ================

     

    Index  Name                 Type         Flags  Slot   State

    -----  -------------------- -----------  ------ -----  ------

        0  .local.              Local        0x0000000000000010 local  Up

    49155  .pfe                 Software     0x0000000000000040 local  Up

        5  dsc                  Unspecified  0x0000000000000000 local  Up

      134  ge-0/0/0             Ethernet     0x0000000000008000     0  Up

      135  ge-0/0/1             Ethernet     0x0000000000008000     0  Up

      137  gr-0/0/0             Unspecified  0x0000000000000000     0  Up

       10  gre                  Unspecified  0x0000000000000000 local  Up

      138  ip-0/0/0             Unspecified  0x0000000000000000     0  Up

       11  ipip                 Unspecified  0x0000000000000000 local  Up

      129  irb                  Unspecified  0x0000000000000000 local  Up

        6  lo0                  Unspecified  0x0000000000000000 local  Up

        4  lsi                  Unspecified  0x0000000000000000 local  Up

      139  lsq-0/0/0            Unspecified  0x0000000000008000     0  Up

      141  lt-0/0/0             Unspecified  0x0000000000008000     0  Up

      140  mt-0/0/0             Unspecified  0x0000000000008000     0  Up

       64  mtun                 Unspecified  0x0000000000000000 local  Up

       26  pimd                 Unspecified  0x0000000000000000 local  Up

       25  pime                 Unspecified  0x0000000000000000 local  Up

      128  pp0                  Unspecified  0x0000000000008000 local  Up

      131  ppd0                 Unspecified  0x0000000000008000 local  Up

      132  ppe0                 Unspecified  0x0000000000008000 local  Up

      136  sp-0/0/0             Unspecified  0x0000000000008000     0  Up

      130  st0                  Secure-Tunnel 0x0000000000000040 local  Up

       12  tap                  Unspecified  0x0000000000000000 local  Up

      133  vlan                 Unspecified  0x0000000000000001 local  Harddown

     

    Index  Name                 Type           Encapsulation   Flags

    -----  -------------------- -------------  --------------  ------

        0  .local..0            Unspecified    Unspecified     0x0000000000000010     0

        1  .local..1            Unspecified    Unspecified     0x0000000000000052     0

        2  .local..2            Unspecified    Unspecified     0x0000000000000052     0

       67  .local..3            Unspecified    Unspecified     0x0000000000000052     0

       68  .local..4            Unspecified    Unspecified     0x0000000000000052     0

    131075  .pfe.0              Unspecified    Unspecified     0x0000000000000040     0

       69  ge-0/0/0.0           Ethernet       Ethernet        0x000000000000c000     0

       65  lo0.16384            Unspecified    Unspecified     0x0000000000008052     0

       64  lo0.32768            Unspecified    Unspecified     0x0000000000000052     0

       66  lo0.16385            Unspecified    Unspecified     0x0000000000008052     0

       70  sp-0/0/0.0           Services       Services        0x0000000000008010     0

       71  sp-0/0/0.16383       Services       Services        0x0000000000008010     0

     

    mmalik@FW1> show pfe interfaces statistics

    ================ master ================

     

    Index  Name                    Input Packets       Output Packets  State

    -----  ---------------- -------------------- --------------------  -----

      134  ge-0/0/0                         2454                   41  Up

      135  ge-0/0/1                            0                    0  Up

      137  gr-0/0/0                            0                    0  Up

      138  ip-0/0/0                            0                    0  Up

      129  irb                                 0                    0  Up

      139  lsq-0/0/0                           0                    0  Up

      141  lt-0/0/0                            0                    0  Up

      140  mt-0/0/0                            0                    0  Up

      128  pp0                                 0                    0  Up

      131  ppd0                                0                    0  Up

      132  ppe0                                0                    0  Up

      136  sp-0/0/0                            0                    0  Up

      130  st0                                 0                    0  Up

      133  vlan                                0                    0  Harddown

     

     

    show tnp addresses

     

    mmalik@FW1> show tnp addresses

       Name                TNPaddr   MAC address    IF     MTU E H R

    master                   0x1 00:00:00:00:00:00 lo0    1500 0 0 3

     

    show chassis cluster information

     

     



  • 30.  RE: Junos Hidden Commands

     
    Posted 10-14-2015 01:11

    Hi All

     

    There is also an automated way to search for hidden commands (at least in op mode) with a script. Here is a link

    https://github.com/pklimai/junos_hidden_commands

     



  • 31.  RE: Junos Hidden Commands

    Posted 02-28-2016 21:07

    Comand to convert HA from Active-Active[default mode] to Active-backup.

     

    set chassis cluster redundancy-mode active-backup

     

    Yes, this is a hidden command but is very handy in releasing NAT resources.

    Catch1: Command once set in config requires reboot of both the nodes.

    Catch2: Customer would only be able to run RG-1 for data.[i.e. only 1 Rg for data]

     

    Regards,

     

    Rahul

    CFTS-SRX



  • 32.  RE: Junos Hidden Commands

    Posted 03-26-2016 21:13

    Hidden command to login into the PFE from a non-root account, applicable only on SRX Branch series. Other wise login to the PFE can be done using root account or one need to run tyhe command in the below manner to get the output

    user@SRX-3> request pfe execute target fwdd command "show usp ipsec sa"

     

    So a hidden command is present using which you may login into SRX without a non-root account.

     

    user@SRX-3> start shell pfe network fwdd 


    BSD platform (VMWare virtual processor, 1536MB memory, 16384KB flash)

    FLOWD_VSRX(SRX-3 vty)#



  • 33.  RE: Junos Hidden Commands

    Posted 09-04-2014 03:58

    Hi, different question:

    is there a hidden command to accept and work with "normal" SFP+ SR even if the module officially supports only SFP+ SR ET (extended temperature)?

    Module would be: SRX-MIG-10XG-SFPP in SRX5800

    According to page 9 of http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/topic-collections/hardware/srx-series/srx-transceivers/srx-transceiver-guide.pdf

    only EX-SFPP-10GE-SR-ET or EX-SFPP-10GE-LR are supported.

     

    But the temperature inside the SFP always is way below 73 degree celsius so normal SFP+-SR could be sufficient.

    Regards

    --Stefan



  • 34.  RE: Junos Hidden Commands

    Posted 09-04-2014 06:10

    Hi, a few hidden commands that oneday have helped me:

    1) ike gateway ... local-address ... - when the gateway iface from another side has a 2-nd ip, and you set a VPN with it

    2) protocols ospf no-active-backbone - when there is only 1 router in area 0 and you need to send a default route to stub area



  • 35.  RE: Junos Hidden Commands

    Posted 12-05-2014 05:35

    Hi All,

     

    "set apply-flags omit" is a useful one, expetialy in big configs.

     

    lab@A# set apply-?        
    Possible completions:
    + apply-groups         Groups from which to inherit configuration data
    + apply-groups-except  Don't inherit configuration data from these groups
    
    
    [edit firewall]
    lab@A# set apply-flags omit    
    
    
    lab@A# show
    ...
    firewall { /* OMITTED */ };
    ...

     

     

    PS can be used in any hierarchy, for example for lo0.0 input CoPP filters.



  • 36.  RE: Junos Hidden Commands

    Posted 06-15-2017 09:35

    Thank you for sharing, 

     

    few I know might be helpful

     

    request pfe execute command “show sfp list” target fpc0

    request pfe execute command “show nvram” target fpc0

    request pfe execute command “show syslog messages” target fpc0



  • 37.  RE: Junos Hidden Commands

    Posted 06-27-2017 22:05

     

    Heres one for you:  show security pki statistics

     

    hidden statistics for the pkid deamon!

     

     

    root@vsrx> show security pki ?
    Possible completions:
      ca-certificate       Show certificate-authority certificate information
      certificate-request  Show PKCS-10 certificate request information
      crl                  Show certificate revocation list information
      local-certificate    Show router certificate information
    
    root@vsrx> show security pki statistics 
    
    Statistic Name                 Value
    --------------                 -----
    iked_msgs_inv:                   0              
    iked_msgs_rxd:                   935            
    iked_msgs_txd:                   951            
    cc_kp_req:                       2              
    cc_kp_success:                   2              
    cc_kp_fail:                      0              
    cc_id_ip:                        0              
    cc_id_dn:                        1              
    cc_id_fqdn:                      0              
    cc_id_user_fqdn:                 0              
    cc_verify_req:                   1              
    cc_verify_success:               1              
    cc_verify_fail:                  0              
    cc_inv_ids:                      0              
    cc_inv_cert_count:               0              
    ocsp_requests_duplicate:         0              
    ocsp_requests_sent:              0              
    ocsp_resp_success:               0              
    ocsp_resp_timeout:               0              
    ocsp_resp_malformed_req:         0              
    ocsp_resp_internal_error:        0              
    ocsp_this_update_failed:         0              
    ocsp_next_update_failed:         0              
    ocsp_resp_try_later:             0              
    ocsp_resp_sign_required:         0              
    ocsp_sign_verify_failed:         0              
    ocsp_http_parse_error:           0              
    ocsp_missing_cert_id:            0              
    ocsp_resp_unauthorized:          0              
    ocsp_rev_status_success:         0              
    ocsp_rev_status_revoked:         0              
    ocsp_rev_status_unknown:         0              
    ocsp_nonce_check_failed:         0              
    ca_config_req_received:          474            
    ca_config_resp_sent:             474            
    crl_download_req_received:       458            
    crl_download_resp_sent:          474            
    mem_alloc_type_invalid:          0              
    mem_free_type_invalid:           0              
    mem_free_alloc_external:         0