Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


services-options (Next Gen Services Interfaces)



Hierarchy Level

Release Information

Statement introduced in Junos OS Release 19.3R2 on MX Series.

Support introduced in Junos OS Release 20.3R1 for Next Gen Services on MX240, MX480 and MX960 routers for the flow configuration statement.


Define the service options to be applied on the virtual multi-service (VMS) interface.

This statement is supported only on the MX-SPC3 Services Card.

The remaining statements are explained separately. See CLI Explorer.


fileConfigure the trace file options.
filenameName of the file to receive the output of the tracing operation. Enclose the name within quotation marks. All files are placed in the directory /var/log. By default, the name of the file is the name of the process being traced.
files numberMaximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file.0, then trace-file.1, and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 10 files

match regular-expressionRefine the output to include lines that contain the regular expression.
size maximum-file-sizeMaximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file.0. When the trace-file again reaches its maximum size, trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and a filename.

Syntax: x K to specify KB, x m to specify MB, or x g to specify GB

Range: 0 KB through 1 GB

Default: 128 KB

world-readable | no-world-readableBy default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.
flagTrace operation to perform. To specify more than one trace operation, include multiple flag statements.
allTrace with all flags enabled
basic-datapathTrace basic packet flow activity
fragmentationTrace IP fragmentation and reassembly events
high-availabilityTrace flow high-availability information
host-trafficTrace flow host traffic information
multicastTrace multicast flow information
routeTrace route lookup information
sessionTrace session creation and deletion events
session-scanTrace session scan information
tcp-basicTrace TCP packet flow information
tunnelTrace tunnel information
no-remote-traceSet remote tracing as disabled.
packet-filter filter-namePacket filter to enable during the tracing operation. Configure the filtering options.
destination-port port-identifierMatch TCP/UDP destination port
destination-prefix addressDestination IP address prefix
interface interface-nameLogical interface
protocol protocol-identifierMatch IP protocol type
source-port port-identifierMatch TCP/UDP source port
source-prefix addressSource IP address prefix
rate-limit messages-per-secondLimit the incoming rate of trace messages.
trace-levelSet the level for trace logging. This option is available only when the flag is set.
briefTrace key flow information, such as message types sent between SPU and central point, policy match, and packet drop reasons.
detailTrace extensive flow information, such as detailed information about sessions and fragments. Detail is the default level.
errorTrace error information, such as system failure, unknown message type, and packet drop.
fragment-limitSpecify the maximum number of fragments to be supported for the PIC. This overrides the value specified, if any, in the set security flow fragment-limit statement.
reassembly-timeoutSpecify the reassembly timeout value for all fragmentation packets for the PIC. This overrides the value specified, if any, in the set security flow reassembly-timeout statement

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.