Trace Event Policy Processing on Devices Running Junos OS
Event policy tracing operations track all event policy operations and record them in a log file. The logged error descriptions provide detailed information to help you solve problems faster.
By default, no events are traced. If you include the traceoptions
statement at the [edit event-options]
hierarchy level,
the default tracing behavior is the following:
Events are logged to the /var/log/eventd file on the device.
When the file eventd reaches 128 kilobytes (KB), it is renamed and compressed to eventd.0.gz, then eventd.1.gz, and so on, until there are three trace files. Then the oldest trace file (eventd.2.gz) is overwritten. (For more information about how log files are created, see the System Log Explorer.)
Log files can be accessed only by the user who configures the tracing operation.
You cannot change the directory (/var/log) to which trace files are written. However, you can customize the
other trace file settings by including the following statements at
the [edit event-options traceoptions]
hierarchy level:
[edit event-options traceoptions] file <filename> <files number> <match regular-expression> <size size> <world-readable | no-world-readable>; flag all; flag configuration; flag database; flag events; flag policy; flag server; flag syslog flag timer-events; no-remote-trace;
These statements are described in the following sections:
Configuring the Event Policy Log Filename
By default, the name of the file that records trace output is eventd. You can specify a different name by including
the file
statement at the [edit event-options traceoptions]
hierarchy level:
[edit event-options traceoptions] file filename;
Configuring the Number and Size of Event Policy Log Files
By default, when the trace file reaches 128 kilobytes (KB) in size, it is renamed filename.0, then filename.1, and so on, until there are three trace files. Then the oldest trace file (filename.2) is overwritten.
You can configure the limits on the number and size of trace
files by including the following statements at the [edit event-options
traceoptions file <filename>]
hierarchy
level:
[edit event-options traceoptions file <filename>] files number size size;
For example, set the maximum file size to 2 MB and the maximum number of files to 20. When the file that receives the output of the tracing operation (filename) reaches 2 MB, filename is renamed and compressed to filename.0.gz and a new file called filename is created.
When filename reaches 2 MB, filename.0.gz is renamed filename.1.gz and filename is renamed and compressed to filename.0.gz. This process repeats until there are 20 trace files. Then the oldest file (filename.19.gz) is overwritten.
The number of files can range from 2 through 1000 files. The file size can range from 10 KB through 1 gigabyte (GB).
Configuring Access to the Log File
By default, log files can be accessed only by the user who configures the tracing operation.
To specify that any user can read all log files, include the world-readable
statement at the [edit event-options traceoptions
file <filename>]
hierarchy level:
[edit event-options traceoptions file <filename>] world-readable;
To explicitly set the default behavior, include the no-world-readable
statement at the [edit event-options traceoptions file <filename>]
hierarchy level:
[edit event-options traceoptions file <filename>] no-world-readable;
Configuring a Regular Expression for Lines to Be Logged
By default, the trace operation output includes all lines relevant to the logged events.
You can refine the output by including the match
statement
at the [edit event-options traceoptions file <filename>]
hierarchy level and specifying a regular
expression to be matched:
[edit event-options traceoptions file <filename>] match regular-expression;
Configuring the Trace Operations
By default, no events are logged. You can configure the trace
operations to be logged by including the following statements at the [edit event-options traceoptions]
hierarchy level:
[edit event-options traceoptions] flag all; flag configuration; flag database; flag events; flag policy; flag server; flag syslog flag timer-events;
Table 1 describes the meaning of the event policy tracing flags.
Flag |
Description |
Default Setting |
---|---|---|
|
Trace all operations. |
Off |
|
Log reading of configuration at the |
Off |
|
Trace important events. |
Off |
|
Log events involving storage and retrieval in events database. |
Off |
|
Log policy processing. |
Off |
|
Log communication with processes that are generating events. |
Off |
|
Log syslog related traces |
Off |
|
Log internally generated events. |
Off |
To display the end of the log, issue the show log eventd | last
operational mode
command.
user@host> show log eventd | last