traceoptions (Security PKI)
Syntax
traceoptions { file { filename; files number; match regular-expression; size maximum-file-size; (world-readable | no-world-readable); } flag { all; certificate-verification; online-crl-check; } no-remote-trace; }
Hierarchy Level
[edit security pki]
Description
Configure public key infrastructure (PKI) tracing options. To specify more than one trace option, include multiple flag statements. Trace option output is recorded in the /var/log/pkid file.
Options
file
—Configure the trace file options.filename
—Name of the file to receive the output of the tracing operation. Enclose the name within quotation marks. All files are placed in the directory/var/log
. By default, the name of the file is the name of the process being traced.files number
—Maximum number of trace files. When a trace file namedtrace-file
reaches its maximum size, it is renamed totrace-file.0
, thentrace-file.1
, and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.If you specify a maximum number of files, you also must specify a maximum file size with the
size
option and a filename.Range: 2 through 1000 files
Default: 10 files
match regular-expression
—Refine the output to include lines that contain the regular expression.size maximum-file-size
—Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file namedtrace-file
reaches this size, it is renamedtrace-file.0
. When thetrace-file
again reaches its maximum size,trace-file.0
is renamedtrace-file.1
andtrace-file
is renamedtrace-file.0
. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.If you specify a maximum file size, you also must specify a maximum number of trace files with the
files
option and a filename.Syntax:
x K
to specify KB,x m
to specify MB, orx g
to specify GBRange: 10 KB through 1 GB
Default: 128 KB
world-readable
|no-world-readable
—By default, log files can be accessed only by the user who configures the tracing operation. Theworld-readable
option enables any user to read the file. To explicitly set the default behavior, use theno-world-readable
option.
flag
—Trace operation to perform. To specify more than one trace operation, include multipleflag
statements.all
—Trace with all flags enabledcertificate-verification
—Trace PKI certificate verification eventsonline-crl-check
—Trace PKI online certificate revocation list (CRL) events
no-remote-trace
—Set remote tracing as disabled.
Required Privilege Level
trace—To view this statement in the configuration.
trace-control—To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 8.5.