Setting Security Trace Options (CLI Procedure)

Use the following configuration statements to configure security trace options in the CLI configuration editor.

• To disable remote tracing, enter the following statement:

  user@host# set security traceoptions no-remote-trace

• To write trace messages to a local file, enter the following statement. The system saves the trace file in the /var/log/ directory.

  user@host# set security traceoptions use-local-files

• To specify a name for the trace file, enter the following statement. Valid values range from 1 and 1024 characters. The name cannot include spaces, /, or % characters. The default filename is security.

  user@host#set security traceoptions file filename

• To specify the maximum number of trace files that can accumulate, enter the following statement. Valid values range from 2 to 1000. The default value is 3.

  user@host# set security traceoptions file files 3

• To specify the match criteria that you want the system to use when logging information to the file, enter the following statement. Enter a regular expression. Wildcard (*) characters are accepted.

  user@host# set security traceoptions file match *thread

• To allow any user to read the trace file, enter the world-readable statement. Otherwise, enter the no-world-readable statement.

  user@host#set security traceoptions file world-readableuser@host# set security traceoptions file no-world-readable

• To specify the maximum size to which the trace file can grow, enter the following statement. Once the file reaches the specified size, it is compressed and renamed filename0.gz, the next file is named filename1.gz, and so on. Valid values range from 10240 to 1,073,741,824.

  user@host#set security traceoptions file size 10240

• To turn on trace options and to perform more than one tracing operation, set the following flags.

  user@host#set security traceoptions flag alluser@host#set security traceoptions flag compilationuser@host# set security traceoptions flag configurationuser@host#set security traceoptions flag routing-socket
• To specify the groups that these trace option settings do or do not apply to, enter the following statements:
  user@host# set security traceoptions apply-groups valueuser@host# set security traceoptions apply-groups-except value