Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


traceoptions (NETCONF TLS)



Hierarchy Level

Release Information

Statement introduced in Junos OS Release 20.2R1.


Enable trace options for NETCONF sessions that use the Transport Layer Security (TLS) protocol.


If you do not include this statement, NETCONF-over-TLS-specific tracing operations are not performed.


file filenameName of the file to receive the output of the tracing operation. All files are placed in the /var/log directory.

Default: /var/log/netconf-tls

files number(Optional) Maximum number of trace files.

When a trace file named trace-file reaches its maximum size, it is renamed and compressed to trace-file.0.gz, then trace-file.1.gz and so on, until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

Range: 2 through 1000 files

Default: 3 files

flag flagTracing operation to perform. To specify more than one tracing operation, include multiple flag statements.


  • all—Log all communication

  • app—Log the application data in plain text

  • general—Log tls-proxyd process-related messages

  • pki—Log PKI-related messages

  • plugin—Log plugin messages

levelLevel of debugging output.


  • all—Match all levels

  • error—Match error conditions

  • info—Match informational messages

  • notice—Match conditions that should be handled specially

  • verbose—Match verbose messages

  • warning—Match warning messages

Default: error

match regular-expression(Optional) Refine the output to include only those lines that match the regular expression.
no-remote-traceDisable remote tracing.
no-world-readable(Optional) Disable unrestricted file access, which restricts file access to the owner. This is the default.
size size(Optional) Maximum trace file size in bytes, kilobytes (KB), megabytes (MB), or gigabytes (GB).

If you don’t specify a unit, the default is bytes. If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and a filename.

Syntax: size to specify bytes, sizek to specify KB, sizem to specify MB, or sizeg to specify GB

Range: 10,240 through 1,073,741,824 bytes

Default: 128 KB

world-readable(Optional) Enable unrestricted file access.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.