traceoptions (MACsec interfaces)
Syntax
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag;
}
Hierarchy Level
[edit security macsec interfaces interface-name]
Description
Define tracing operations for individual MACsec interfaces. Tracing operations
provide support for debugging protocol-level issues. MACsec is an industry-standard security
technology that provides secure communication for almost all types of traffic on Ethernet
links. To specify more than one tracing operation, include multiple flag statements.
The interfaces traceoptions statement does not support a separate trace file.
The logging is done by the kernel, so the tracing information is placed in the system syslog file in the directory /var/log/dcd.
Interface level tracing options cannot be enabled when the connectivity association is configured on the sub-interfaces.
Default
If you do not include this statement, no tracing operations are performed.
Options
file filename—Name of the file
to receive the output of the tracing operation. Enclose the name within quotation marks. By
default, interface process tracing output is placed in the directory. If you do not specify
the name of the tracefile, all files are placed in the directory /var/log/dcd.
files number—(Optional) Maximum number of trace
files. When a trace file named trace-file reaches the maximum value, it is renamed trace-file.0, then trace-file.1, and so on, until the maximum number of trace files is reached.
Then the oldest trace file is overwritten. Values range from 2 through 1000.
flag flag—Tracing operation to perform. To specify
more than one tracing operation, include multiple flag statements. The following
are the tracing operation options:
all |
Trace all operations. |
keys |
Trace key creation or generation information. |
mka-packets |
Trace MACsec Key Agreement (MKA) protocol input and output packet information. |
normal |
Trace all normal events and messages. |
state |
Trace MKA protocol state information. |
to-secy |
Trace MKA to security entity state change information. |
no-world-readable—(Optional) Prevent any user from reading the log
file.
size size—(Optional) Maximum size of each trace
file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file.0. When trace-file again
reaches its maximum size, trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This renaming scheme continues until
the maximum number of trace files is reached. Then, the oldest trace file is overwritten.
world-readable—(Optional) Allow any user to read the log file.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 16.1.