Example: Configuring NETCONF Tracing Operations

NETCONF Tracing Operations Overview

Starting with Junos OS Release 12.2, you can configure tracing operations for the NETCONF XML management protocol. NETCONF tracing operations record NETCONF session data in a trace file. By default, NETCONF tracing operations are not enabled.

You configure NETCONF tracing operations at the [edit system services netconf traceoptions] hierarchy level.

[edit system services]
netconf {
    traceoptions {
        file <filename> <files number> <match regular-expression> <size size> <world-readable | no-world-readable>;
        flag flag;
        no-remote-trace;
        on-demand;
    }
}

To enable NETCONF tracing operations and to trace all incoming and outgoing data from NETCONF sessions on that device, configure the flag all statement. You can restrict tracing to only incoming or outgoing NETCONF data by configuring the flag value as either incoming or outgoing, respectively. Additionally, to restrict the trace output to include only those lines that match a particular expression, configure the file match statement and define the regular expression against which the output is matched.

NETCONF tracing operations record NETCONF session data in the file /var/log/netconf. To specify a different trace file, configure the file statement and desired filename.

By default, when the trace file reaches 128 KB in size, it is renamed and compressed to filename.0.gz, then filename.1.gz, and so on, until there are 10 trace files. Then the oldest trace file (filename.9.gz) is overwritten. You can configure limits on the number and size of trace files by including the file files number and file size size statements. You can configure up to a maximum of 1000 files. Specify the file size in bytes, or append k, m, or g to the value to specify KB, MB, or GB. You cannot configure the maximum number of trace files and the maximum trace file size independently. If one option is configured, the other option must also be configured along with a filename.

To control the tracing operation from within a NETCONF session, configure the on-demand statement. This requires that you start and stop tracing operations from within the NETCONF session. If you configure the on-demand statement, you must issue the <rpc><request-netconf-trace><start/></request-netconf-trace></rpc> RPC in the NETCONF session to start tracing operations for that session. To stop tracing for that NETCONF session, issue the <rpc><request-netconf-trace><stop/></request-netconf-trace></rpc> RPC.

By default, access to the NETCONF trace file is restricted to the owner. You can manually configure access by including either the world-readable or no-world-readable statement. The no-world-readable statement restricts trace file access to the owner. This is the default. The world-readable statement enables unrestricted access to the trace file.

Example: Configuring NETCONF Tracing Operations

This example demonstrates how to configure tracing operations for NETCONF sessions.

Requirements

  • A routing, switching, or security device running Junos OS Release 12.2 or later is required.

Overview

This example configures basic tracing operations for NETCONF sessions. The example configures the trace file netconf-ops.log and sets a maximum number of 20 trace files and a maximum size of 3 MB for each file. The flag all statement configures tracing for all incoming and outgoing NETCONF data. The world-readable option enables unrestricted access to the NETCONF trace files.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them in a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

set system services netconf ssh
set system services netconf traceoptions file netconf-ops.log
set system services netconf traceoptions file size 3m
set system services netconf traceoptions file files 20
set system services netconf traceoptions file world-readable
set system services netconf traceoptions flag all

Configuring NETCONF Tracing Operations

Step-by-Step Procedure

To configure NETCONF tracing operations:

  1. Enable NETCONF over SSH.

    [edit]
    user@R1# set system services netconf ssh
  2. Configure the traceoptions flag to specify which NETCONF session data to capture.

    You can specify incoming, outgoing, or all. This example configures tracing for all NETCONF session data.

    [edit]
    user@R1# set system services netconf traceoptions flag all
  3. (Optional) Configure the filename of the trace file.

    The following statement configures the trace file netconf-ops.log, which is stored in the /var/log directory. If you do not specify a filename, NETCONF session data is stored in /var/log/netconf.

    [edit]
    user@R1# set system services netconf traceoptions file netconf-ops.log
  4. (Optional) Configure the maximum number of NETCONF trace files and the maximum size of each file.

    The following statements configure a maximum of 20 trace files with a maximum size of 3 MB per file.

    [edit]
    user@R1# set system services netconf traceoptions file files 20
    user@R1# set system services netconf traceoptions file size 3m
  5. (Optional) Restrict the trace output to include only those lines that match a particular regular expression.

    The following configuration, which is not used in this example, matches on and logs only NETCONF session data that contains “error-message”.

    [edit]
    user@R1# set system services netconf traceoptions file match error-message
  6. (Optional) Configure on-demand tracing to control tracing operations from the NETCONF session.

    The following configuration, which is not used in this example, enables on-demand tracing.

    [edit]
    user@R1# set system services netconf traceoptions on-demand
  7. (Optional) Configure the permissions on the trace file by specifying whether the file is world-readable or no-world-readable.

    This example enables unrestricted access to the trace file.

    [edit]
    user@R1# set system services netconf traceoptions file world-readable
  8. Commit the configuration.

    [edit]
    user@R1# commit

Results

[edit]
system {
    services {
        netconf {
            ssh;
            traceoptions {
                file netconf-ops.log size 3m files 20 world-readable;
                flag all;
            }
        }
    }
}

Verification

Verifying NETCONF Tracing Operation

Purpose

Verify that the device is writing NETCONF session data to the configured trace file. This example logs both incoming and outgoing NETCONF data. In the NETCONF session, which is not detailed here, the user modifies the candidate configuration on R1 to include the bgp-troubleshoot.slax op script and then commits the configuration.

Action

Display the trace output of the configured NETCONF trace file /var/log/netconf-ops.log by issuing the show log operational mode command.

user@R1> show log netconf-ops.log
Apr  3 13:09:04 Started tracing session: 3694
Apr  3 13:09:29 [3694] Incoming: <rpc>
Apr  3 13:09:29 [3694] Outgoing: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.2R1/junos">
Apr  3 13:09:39 [3694] Incoming: <edit-config>
Apr  3 13:09:43 [3694] Incoming: <target>
Apr  3 13:09:47 [3694] Incoming: <candidate/>
Apr  3 13:09:53 [3694] Incoming: </target>
Apr  3 13:10:07 [3694] Incoming: <default-operation>merge</default-operation>
Apr  3 13:10:10 [3694] Incoming: <config>
Apr  3 13:10:13 [3694] Incoming: <configuration>
Apr  3 13:10:16 [3694] Incoming: <system>
Apr  3 13:10:19 [3694] Incoming: <scripts>
Apr  3 13:10:23 [3694] Incoming: <op>
Apr  3 13:10:26 [3694] Incoming: <file>
Apr  3 13:10:44 [3694] Incoming: <name>bgp-troubleshoot.slax</name>
Apr  3 13:10:46 [3694] Incoming: </file>
Apr  3 13:10:48 [3694] Incoming: </op>
Apr  3 13:10:52 [3694] Incoming: </scripts>
Apr  3 13:10:56 [3694] Incoming: </system>
Apr  3 13:11:00 [3694] Incoming: </configuration>
Apr  3 13:11:00 [3694] Outgoing: <ok/>
Apr  3 13:11:12 [3694] Incoming: </config>
Apr  3 13:11:18 [3694] Incoming: </edit-config>
Apr  3 13:11:26 [3694] Incoming: </rpc>
Apr  3 13:11:26 [3694] Outgoing: </rpc-reply>
Apr  3 13:11:26 [3694] Outgoing: ]]>]]>
Apr  3 13:11:31 [3694] Incoming: ]]>]]>

Apr  3 13:14:20 [3694] Incoming: <rpc>
Apr  3 13:14:20 [3694] Outgoing: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.2R1/junos">
Apr  3 13:14:26 [3694] Incoming: <commit/>
Apr  3 13:14:35 [3694] Outgoing: <ok/>
Apr  3 13:14:35 [3694] Incoming: </rpc>
Apr  3 13:14:35 [3694] Outgoing: </rpc-reply>
Apr  3 13:14:35 [3694] Outgoing: ]]>]]>
Apr  3 13:14:40 [3694] Incoming: ]]>]]>

Apr  3 13:30:48 [3694] Outgoing: <!-- session end at 2012-04-03 13:30:48 PDT -->

Meaning

This example configured the flag all statement, so the trace file displays all incoming and outgoing NETCONF session operations. Each operation includes the date and timestamp. Multiple NETCONF sessions are distinguished by a session number. In this example, only one session, 3694, is active.
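The following Python code is an added example, not part of the original documentation: it parses trace lines in the format shown above, groups them by session number, splits each session's incoming stream on the ]]>]]> end-of-message marker, and reports the operation each RPC carried. The sample lines are constructed (session 4021 is invented), and the set of operations flagged as configuration-changing is an assumption.

```python
import re
from collections import defaultdict

# Line layout taken from the trace output on this page:
#   "Apr  3 13:09:39 [3694] Incoming: <edit-config>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}) \[(?P<sid>\d+)\] "
    r"(?P<dir>Incoming|Outgoing): (?P<data>.*)$")
# Opening or empty-element tags only; an optional namespace prefix is dropped.
TAG_RE = re.compile(r"<(?:[\w.-]+:)?([A-Za-z][\w.-]*)")
EOM = "]]>]]>"                               # end-of-message marker in the trace
CONFIG_CHANGING = {"edit-config", "commit"}  # assumption: operations to flag

# Constructed sample modelled on the page's output; session 4021 is invented.
SAMPLE = """\
Apr  3 13:09:04 Started tracing session: 3694
Apr  3 13:09:29 [3694] Incoming: <rpc>
Apr  3 13:09:29 [3694] Outgoing: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
Apr  3 13:09:39 [3694] Incoming: <edit-config>
Apr  3 13:09:40 [4021] Incoming: <rpc>
Apr  3 13:09:41 [4021] Incoming: <get-config>
Apr  3 13:09:47 [3694] Incoming: <target><candidate/></target>
Apr  3 13:09:50 [4021] Incoming: </get-config></rpc>
Apr  3 13:09:51 [4021] Incoming: ]]>]]>
Apr  3 13:11:18 [3694] Incoming: </edit-config></rpc>
Apr  3 13:11:31 [3694] Incoming: ]]>]]>
Apr  3 13:14:20 [3694] Incoming: <rpc>
Apr  3 13:14:26 [3694] Incoming: <commit/>
Apr  3 13:14:35 [3694] Incoming: </rpc>
Apr  3 13:14:40 [3694] Incoming: ]]>]]>
"""

def summarize(trace_text):
    """Return {session_id: [(timestamp, operation, config_changing), ...]}."""
    pending = defaultdict(list)   # per-session tags seen in the current request
    result = defaultdict(list)
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dir"] != "Incoming":
            continue              # skip blank lines, session banners and replies
        sid, data = m["sid"], m["data"]
        pending[sid].extend((m["ts"], name) for name in TAG_RE.findall(data))
        if EOM in data:           # request complete: operation is the tag after <rpc>
            tags, pending[sid] = pending[sid], []
            if len(tags) > 1 and tags[0][1] == "rpc":
                ts, op = tags[1]
                result[sid].append((ts, op, op in CONFIG_CHANGING))
    return dict(result)
```

Because lines from concurrent sessions interleave in one file, keying the pending state on the session number is what keeps the `<get-config>` from session 4021 from being attributed to session 3694.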

Published: 2012-11-29
