Tracing General Authentication Service (authd) Events for Troubleshooting
The Junos OS trace operations feature tracks general authentication service operations and records events in a log file. The error descriptions captured in the log file provide detailed information to help you solve problems. The operations and events are those associated with the authd process, which manages the subscriber AAA infrastructure.
By default, nothing is traced. When you enable the tracing operation, the default tracing behavior is as follows:
Important events are logged in a file located in the /var/log directory. By default, the router uses the filename authd. You can specify a different filename, but you cannot change the directory (/var/log) in which trace files are located.
When the trace log file filename reaches 128 kilobytes (KB), it is compressed and renamed filename.0.gz. Subsequent events are logged in a new file called filename, until it reaches capacity again. At this point, filename.0.gz is renamed filename.1.gz and filename is compressed and renamed filename.0.gz. This process repeats until the number of archived files reaches the maximum file number. Then the oldest trace file—the one with the highest number—is overwritten.
You can optionally specify the number of trace files to be from 2 through 1000. You can also configure the maximum file size to be from 10 KB through 1 gigabyte (GB). For more information about how log files are created, see the System Log Explorer.
By default, only the user who configures the tracing operation can access log files. You can optionally configure read-only access for all users.
The following topics describe how to configure all aspects of tracing general authentication service operations:
Configuring the General Authentication Service Trace Log Filename
By default, the name of the file that records trace output for general authentication service is authd. You can specify a different name by including the file statement at the [edit system processes general-authentication-service] hierarchy level.
To configure the filename for general authentication service tracing operations:
Specify the name of the file used for the trace output.
[edit system processes general-authentication-service traceoptions]
user@host# set file aap_logfile_1
Configuring the Number and Size of General Authentication Service Log Files
You can optionally specify the number of compressed, archived trace log files to be from 2 through 1000. You can also configure the maximum file size to be from 10 KB through 1 gigabyte (GB); the default size is 128 kilobytes (KB).
The archived files are differentiated by a suffix in the format .number.gz. The newest archived file is .0.gz and the oldest archived file is .(maximum number)-1.gz. When the current trace log file reaches the maximum size, it is compressed and renamed, and any existing archived files are renamed. This process repeats until the maximum number of archived files is reached, at which point the oldest file is overwritten.
For example, you can set the maximum file size to 2 MB, and the maximum number of files to 20. When the file that receives the output of the tracing operation, filename, reaches 2 MB, filename is compressed and renamed filename.0.gz, and a new file called filename is created. When the new filename reaches 2 MB, filename.0.gz is renamed filename.1.gz and filename is compressed and renamed filename.0.gz. This process repeats until there are 20 trace files. Then the oldest file, filename.19.gz, is simply overwritten when the next oldest file, filename.18.gz, is compressed and renamed to filename.19.gz.
To configure the number and size of trace files:
Specify the name, number, and size of the file used for the trace output, by including the files and size options with the traceoptions statement.
[edit system processes general-authentication-service traceoptions]
user@host# set file aap_logfile_1 files 20 size 2097152
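The rotation sequence described above, replayed as an added Python example (not Juniper code) so you can see which trace data is still on disk after a given number of rotations. The function names and the numbering of each "fill" of the active file are assumptions made for illustration; the oldest archive is taken to be filename.(files-1).gz, as the page states.

```python
def simulate_rotation(name, max_files, fills):
    """Replay `fills` rotations of the trace file `name`.

    Returns (archives, overwritten): `archives` maps each archive filename to
    the fill number whose events it holds; `overwritten` lists the fills whose
    events are no longer on disk.
    """
    if not 2 <= max_files <= 1000:           # range stated on the page
        raise ValueError("files must be from 2 through 1000")
    archives, overwritten = {}, []
    for fill in range(1, fills + 1):
        oldest = f"{name}.{max_files - 1}.gz"
        if oldest in archives:               # highest-numbered archive is lost
            overwritten.append(archives.pop(oldest))
        # Rename name.(k-1).gz -> name.k.gz, oldest first so nothing is clobbered.
        for k in range(max_files - 1, 0, -1):
            src = f"{name}.{k - 1}.gz"
            if src in archives:
                archives[f"{name}.{k}.gz"] = archives.pop(src)
        archives[f"{name}.0.gz"] = fill      # active file compressed and renamed
    return archives, overwritten


def oldest_retained_fill(name, max_files, fills):
    """Fill number of the oldest events an investigator can still read."""
    archives, _ = simulate_rotation(name, max_files, fills)
    return min(archives.values()) if archives else None


if __name__ == "__main__":
    # Settings from the page: files 20 (size only decides when a fill ends).
    archives, gone = simulate_rotation("aap_logfile_1", 20, 25)
    print("archives on disk:", len(archives))
    print("oldest archive holds fill", archives["aap_logfile_1.19.gz"])
    print("fills already overwritten:", gone)
```

With the page's settings, the window of retained trace history is 20 archived fills of up to 2 MB of uncompressed trace each, which is the bound to check against how far back a troubleshooting or incident timeline needs to reach.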
Configuring Access to the General Authentication Service Log File
By default, log files can be accessed only by the user who configures the tracing operation. You can allow all users to read the log file and you can explicitly set the default behavior of the log file.
To specify that all users can read the log file:
Configure the log file to be world-readable.
[edit system processes general-authentication-service traceoptions]
user@host# set file aap_logfile_1 world-readable
To explicitly set the default behavior, in which the log file can only be read by the user who configured tracing:
Configure the log file to be no-world-readable.
[edit system processes general-authentication-service traceoptions]
user@host# set file aap_logfile_1 no-world-readable
Configuring a Regular Expression for General Authentication Service Messages to Be Logged
By default, the trace operation output includes all lines relevant to the logged events. You can refine the output by including regular expressions (regex) that will be matched.
To configure regular expressions to match:
Configure the regular expression.
[edit system processes general-authentication-service traceoptions]
user@host# set file aap_logfile_1 match regular-expression
Configuring Subscriber Filtering for General Authentication Service Tracing
Starting in Junos OS Release 14.1, you can apply filters to the general authentication service to limit tracing to particular subscribers or domains. Subscriber filtering simplifies troubleshooting in a scaled environment by enabling you to focus on a reduced set of trace results.
For subscriber usernames that have the expected form of user@domain, you can filter on the user, the domain, or both. You can use an asterisk (*) as a wildcard to substitute for characters at the beginning or end of either term to match a greater number of subscribers.
You cannot filter results using a wildcard in the middle of the user or domain terms. For example, the following uses of the wildcard are not supported: tom*25@example.com, tom125@ex*.com.
When you enable filtering by username, traces that have insufficient information to determine the username are automatically excluded.
To configure subscriber filtering:
Specify the filter.
[edit system processes general-authentication-service traceoptions]
user@host# set filter user user@domain
Consider the following examples of using the wildcard for filtering:
Filter results for the specific subscriber with the username, tom@example.com.
[edit system processes general-authentication-service traceoptions]
user@host# set filter user tom@example.com
Filter results for all subscribers whose username begins with tom.
[edit system processes general-authentication-service traceoptions]
user@host# set filter user tom*
Filter results for all subscribers whose username ends with tom.
[edit system processes general-authentication-service traceoptions]
user@host# set filter user *tom
Filter results for subscribers with the username tom at all domains beginning with ex.
[edit system processes general-authentication-service traceoptions]
user@host# set filter user tom@ex*
Filter results for all subscribers at all domains that end with ample.com.
[edit system processes general-authentication-service traceoptions]
user@host# set filter user *ample.com
Filter results for all subscribers whose username begins with tom at domains that end with example.com.
[edit system processes general-authentication-service traceoptions]
user@host# set filter user tom*@*example.com
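The wildcard rules above, as an added Python example (not Juniper code) for previewing which subscribers a filter would keep in the trace and for rejecting the unsupported mid-term wildcard before you commit it. Assumptions: a pattern without @ is compared with the whole username, a term with * at both ends is treated as a substring match, and all function names and sample usernames are constructed for illustration.

```python
def parse_term(term):
    """Return (literal, leading_star, trailing_star) for one filter term."""
    lead = term.startswith("*")
    trail = len(term) > 1 and term.endswith("*")
    literal = term[1 if lead else 0 : len(term) - (1 if trail else 0)]
    if "*" in literal:
        raise ValueError(f"wildcard in the middle of {term!r} is not supported")
    return literal, lead, trail


def term_matches(value, parsed):
    literal, lead, trail = parsed
    if lead and trail:
        return literal in value           # assumption: '*' at both ends = contains
    if lead:
        return value.endswith(literal)
    if trail:
        return value.startswith(literal)
    return value == literal


def filter_matches(pattern, username):
    """True if a trace for `username` would pass `set filter user <pattern>`."""
    if not username:
        return False    # page: traces with no determinable username are excluded
    if "@" not in pattern:
        # Assumption: a pattern without '@' is compared with the whole username.
        return term_matches(username, parse_term(pattern))
    # Parse both terms first so an unsupported pattern is always rejected.
    user_term, domain_term = (parse_term(t) for t in pattern.split("@", 1))
    user, sep, domain = username.partition("@")
    return (bool(sep) and term_matches(user, user_term)
            and term_matches(domain, domain_term))


# Constructed subscriber names, not taken from any real trace.
SAMPLE_USERS = ["tom@example.com", "tom125@lab.example.com", "tom@exchange.org",
                "ann@sample.com", "atom@example.com", None]


def preview(pattern, usernames=SAMPLE_USERS):
    """List the usernames a filter would keep in the trace output."""
    return [u for u in usernames if filter_matches(pattern, u)]
```

Running preview() with a broad pattern such as *ample.com against a list of your own subscriber names shows how many unrelated subscribers would still be captured in the trace file.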
Configuring the General Authentication Service Tracing Flags
By default, only important events are logged. You can specify which events and operations are logged by specifying one or more tracing flags.
To configure the flags for the events to be logged:
Configure the flags.
[edit system services subscriber-management traceoptions]
user@host# set flag flag