traceoptions

See the following sections:

• traceoptions (firewall-authentication)
• traceoptions (H.323 ALG)
• traceoptions (Flow)
• traceoptions (IDP)
• traceoptions (IKE)
• traceoptions (IPsec)
• traceoptions (MGCP ALG)
• traceoptions (NAT Services Gateway)
• traceoptions (NAT Services Router)
• traceoptions (PKI)
• traceoptions (Policies)
• traceoptions (SCCP ALG)
• traceoptions (Screen)
• traceoptions (Security)
• traceoptions (SIP ALG)

traceoptions (firewall-authentication)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Define data-plane firewall authentication tracing options.

This statement is supported on J-series and SRX-series devices.

Options

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Enable all tracing operations
• authentication—Trace data-plane firewall authentication events
• proxy—Trace data-plane firewall authentication proxy events

detail—Display moderate amount of data in trace.

extensive—Display extensive amount of data in trace.

terse—Display minimum amount of data in trace.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (H.323 ALG)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure H.323 tracing options.

This statement is supported on J-series devices.

Options

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace with all flags enabled
• cc—Trace chassis cluster functions
• h225-asn1—Trace H.225 ASN.1 processing activity
• h245—Trace H.245 processing activity
• h245-asn1—Trace H.245 ASN.1 processing activity
• q931—Trace Q.931 processing activity
• ras—Trace remote access server (RAS) processing activity
• ras-asn1—Trace RAS ASN.1 processing activity

detail—Display moderate amount of data in trace.

extensive—Display extensive amount of data in trace.

terse—Display minimum amount of data in trace.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (Flow)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure flow tracing options.

This statement is supported on J-series and SRX-series devices.

Options

file filename —Name of the file to receive the output of the tracing operation. Enclose the name within quotation marks. All files are placed in the directory /var/log.

files number —(Optional) Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file .0, then trace-file.1 , and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expression —(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size —(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file .0. When the trace-file again reaches its maximum size, trace-file .0 is renamed trace-file .1 and trace-file is renamed trace-file .0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.

Syntax: x k to specify KB, x m to specify MB, or x g to specify GB

Range: 10 KB through 1 GB

Default: 128 KB

world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• ager—Trace session ageout related events
• all—Trace with all flags enabled
• basic-datapath—Trace basic packet flow activity
• cli—Trace CLI configuration activity and command changes
• errors—Trace flow errors activity
• fragmentation—Trace IP fragmentation and reassembly events
• chassis-cluster—Trace chassis cluster information
• host-traffic—Trace host traffic information
• lookup—Trace lookup events
• multicast—Trace multicast flow information
• packet-drops—Trace packet drop activity
• route—Trace route information
• session—Trace session creation and deletion events
• session-scan—Trace session scan information
• tcp-advanced—Trace advanced TCP packet flow activity
• tcp-basic—Trace TCP packet flow activity
• tunnel—Trace tunnel information

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (IDP)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 9.2 of JUNOS software.

Description

Configure IDP tracing options.

This statement is supported on SRX-series devices.

Options

file filename —Name of the file to receive the output of the tracing operation. Enclose the name within quotation marks. All files are placed in the directory /var/log.

files number —(Optional) Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file .0, then trace-file.1 , and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expression —(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size —(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file .0. When the trace-file again reaches its maximum size, trace-file .0 is renamed trace-file .1 and trace-file is renamed trace-file .0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.

Syntax: x k to specify KB, x m to specify MB, or x g to specify GB

Range: 10 KB through 1 GB

Default: 128 KB

world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace all iked process modules activity

level—Set the level of debugging the output option.

• all—Match all levels
• error—Match error conditions
• info—Match informational messages
• notice—Match conditions that should be handled specially
• verbose—Match verbose messages
• warning—Match warning messages

no-remote-trace—Set remote tracing as disabled.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (IKE)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure IKE tracing options.

This statement is supported on J-series and SRX-series devices.

Options

file filename —Name of the file to receive the output of the tracing operation. Enclose the name within quotation marks. All files are placed in the directory /var/log.

files number —(Optional) Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file .0, then trace-file.1 , and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expression —(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size —(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file .0. When the trace-file again reaches its maximum size, trace-file .0 is renamed trace-file .1 and trace-file is renamed trace-file .0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.

Syntax: x k to specify KB, x m to specify MB, or x g to specify GB

Range: 10 KB through 1 GB

Default: 128 KB

world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

flag flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace all iked process modules activity
• certificates—Trace certificate-related activity
• database—Trace VPN-related database activity
• general—Trace general activity
• ike—Trace IKE protocol activity
• parse—Trace VPN parsing activity
• policy-manager—Trace iked callback activity
• routing-socket—Trace routing socket activity
• timer—Trace timer activity
• snmp—Trace SNMP operations activity

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (IPsec)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure IPsec tracing options.

This statement is supported on J-series and SRX-series devices.

Options

flag—To specify more than one trace operation, include multiple flag statements.

• all—Trace with all flags enabled
• next-hop-tunnel-binding—Trace next-hop tunnel binding events
• packet-drops—Trace packet drop activity
• packet-processing—Trace data packet processing events
• security-associations—Trace security association (SA) management events

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (MGCP ALG)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure Media Gateway Control Protocol (MGCP) tracing options.

This statement is supported on J-series and SRX-series devices.

Options

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace with all flags enabled
• call—Trace call processing activity
• cc—Trace chassis cluster functions
• decode—Trace decoder operations activity
• error—Trace processing errors activity
• nat—Trace Network Address Translation (NAT) processing activity
• packet—Trace MGCP protocol packet processing activity
• rm—Trace MGCP Resource Management (Resmgr) functions activity

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (NAT Services Gateway)

Syntax

Hierarchy Level

Release Information

Statement modified in Release 9.3 of JUNOS software.

Description

Configure NAT tracing options.

This statement is supported on SRX-series devices.

Options

filename —By default, the name of the log file that records trace output is the name of the process being traced. Use this option to specify another name.

files number —(Optional) Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file .0, then trace-file.1 , and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expression —(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size —(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file .0. When the trace-file again reaches its maximum size, trace-file .0 is renamed trace-file .1 and trace-file is renamed trace-file .0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.

Syntax: x k to specify KB, x m to specify MB, or x g to specify GB

Range: 10 KB through 1 GB

Default: 128 KB

world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace with all flags enabled
• destination-nat-pfe—Trace destination NAT events on PFE-ukernel side
• destination-nat-re—Trace destination NAT events on routing engine (RE) side
• destination-nat-rt—Trace destination NAT events on packet processing engine real-time (PFE-RT) side
• source-nat-pfe—Trace source NAT events on PFE-ukernel side
• source-nat-re—Trace source NAT events on RE side
• source-nat-rt—Trace source NAT events on PFE-RT side
• static-nat-pfe—Trace static NAT events on PFE-ukernel side
• static-nat-re—Trace static NAT events on RE side
• static-nat-rt—Trace static NAT events on PFE-RT side

no-remote-trace—Set remote tracing as disabled.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (NAT Services Router)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure NAT tracing options.

This statement is supported on J-series devices.

Options

filename —By default, the name of the log file that records trace output is the name of the process being traced. Use this option to specify another name.

files number —(Optional) Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file .0, then trace-file.1 , and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expression —(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size —(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file .0. When the trace-file again reaches its maximum size, trace-file .0 is renamed trace-file .1 and trace-file is renamed trace-file .0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.

Syntax: x k to specify KB, x m to specify MB, or x g to specify GB

Range: 10 KB through 1 GB

Default: 128 KB

world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace with all flags enabled
• configuration—Trace configuration events
• flow—Trace flow events
• routing-protocol—Trace routing protocol events
• routing-socket—Trace routing socket events

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (PKI)

Syntax

Hierarchy Level

Release Information

Statement modified in Release 8.5 of JUNOS software.

Description

Configure public key infrastructure (PKI) tracing options.

This statement is supported on J-series and SRX-series devices.

Options

filename —By default, the name of the log file that records trace output is the name of the process being traced. Use this option to specify another name.

files number —(Optional) Specify the maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file .0, then trace-file.1 , and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expression —(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size —(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file .0. When the trace-file again reaches its maximum size, trace-file .0 is renamed trace-file .1 and trace-file is renamed trace-file .0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.

Syntax: x k to specify KB, x m to specify MB, or x g to specify GB

Range: 10 KB through 1 GB

Default: 128 KB

world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace with all flags enabled
• certificate-verification—Trace PKI certificate verification events
• online-crl-check—Trace PKI online certificate revocation list (CRL) events

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (Policies)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure policy tracing options.

This statement is supported on J-series and SRX-series devices.

Options

filename —By default, the name of the log file that records trace output is the name of the process being traced. Use this option to specify another name.

files number —(Optional) Specify the maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file .0, then trace-file.1 , and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expression —(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size —(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file .0. When the trace-file again reaches its maximum size, trace-file .0 is renamed trace-file .1 and trace-file is renamed trace-file .0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.

Syntax: x k to specify KB, x m to specify MB, or x g to specify GB

Range: 10 KB through 1 GB

Default: 128 KB

world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace with all flags enabled
• configuration—Trace configuration events
• compilation—Trace policy compilation events
• ipc—Trace process inter communication events
• lookup—Trace policy lookup events
• routing-socket—Trace routing socket events
• rules—Trace policy rules-related events

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (SCCP ALG)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure Skinny Client Control Protocol (SCCP) tracing options.

This statement is supported on J-series devices.

Options

flag —Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace with all flags enabled
• call—Enable tracing for SCCP call processing
• cc—Enable tracing for SCCP chassis cluster functions
• cli—Enable tracing for SCCP command-line interface (CLI) client processing
• decode—Enable tracing for SCCP decoder operations
• error—Enable tracing for SCCP processing errors
• init—Enable tracing for SCCP initialization errors
• nat—Enable tracing for SCCP NAT processing
• rm—Enable tracing for SCCP Resource Management (Resmgr) functions

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (Screen)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure screen tracing options.

To specify more than one tracing option, include multiple flag statements.

This statement is supported on J-series and SRX-series devices.

Options

filename —By default, the name of the log file that records trace output is the name of the process being traced. Use this option to specify another name.

files number —(Optional) Specify the maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file .0, then trace-file.1 , and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expression —(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size —(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file .0. When the trace-file again reaches its maximum size, trace-file .0 is renamed trace-file .1 and trace-file is renamed trace-file .0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.

Syntax: x k to specify KB, x m to specify MB, or x g to specify GB

Range: 10 KB through 1 GB

Default: 128 KB

world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace all screen events
• configuration—Trace screen configuration events
• flow—Trace flow events

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (Security)

Syntax

Hierarchy Level

Release Information

Statement modified in Release 8.5 of JUNOS software.

Description

Configure security tracing options.

This statement is supported on J-series and SRX-series devices.

Options

filename —By default, the name of the log file that records trace output is the name of the process being traced. Use this option to specify another name.

files number —(Optional) Specify the maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file .0, then trace-file.1 , and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expression —(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size —(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file .0. When the trace-file again reaches its maximum size, trace-file .0 is renamed trace-file .1 and trace-file is renamed trace-file .0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and filename.

Syntax: x k to specify KB, x m to specify MB, or x g to specify GB

Range: 10 KB through 1 GB

Default: 128 KB

world-readable | no-world-readable—(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace all security events
• configuration—Trace security configuration events
• compilation—Trace security compilation events
• routing-socket—Trace routing socket events

no-remote-trace—Set remote tracing as disabled.

rate-limit rate —Number of trace per second. You can configure the incoming rate of trace messages.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

traceoptions (SIP ALG)

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure Session Initiation Protocol (SIP) tracing options.

This statement is supported on J-series devices.

Options

flag —Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

• all—Trace with all flags enabled
• call—Enable tracing for SIP call processing
• cc—Enable tracing for SIP chassis cluster functions
• nat—Enable tracing SIP Network Address Translation (NAT) processing
• parser—Enable tracing SIP parser operations
• rm—Enable tracing SIP Resource Management (Resmgr) functions

detail—Display moderate amount of data in trace.

extensive—Display extensive amount of data in trace.

terse—Display minimum amount of data in trace.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.