Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Tracing Control Plane DDoS Protection Operations

 

The Junos OS trace feature tracks control plane DDoS protection operations and records events in a log file. The error descriptions captured in the log file provide detailed information to help you solve problems.

By default, nothing is traced. When you enable the tracing operation, the default tracing behavior is as follows:

  1. Important events are logged in a file located in the /var/log directory. By default, the router uses the filename jddosd. You can specify a different filename, but you cannot change the directory in which trace files are located.

  2. When the trace log file filename reaches 128 kilobytes (KB), it is compressed and renamed filename.0.gz. Subsequent events are logged in a new file called filename, until it reaches capacity again. At this point, filename.0.gz is renamed filename.1.gz and filename is compressed and renamed filename.0.gz. This process repeats until the number of archived files reaches the maximum file number. Then the oldest trace file—the one with the highest number—is overwritten.

    You can optionally specify the number of trace files to be from 2 through 1000. You can also configure the maximum file size to be from 10 KB through 1 gigabyte (GB). (For more information about how log files are created, see the System Log Explorer.)

By default, only the user who configures the tracing operation can access log files. You can optionally configure read-only access for all users.

This topic describes how you can configure all aspects of control plane DDoS protection tracing operations.

Configuring the Control Plane DDoS Protection Trace Log Filename

By default, the name of the file that records trace output for control plane DDoS protection is jddosd. You can specify a different name with the file option.

To configure the filename for subscriber management database tracing operations:

  • Specify the name of the file used for the trace output.

Configuring the Number and Size of Control Plane DDoS Protection Log Files

You can optionally specify the number of compressed, archived trace log files to be from 2 through 1000. You can also configure the maximum file size to be from 10 KB through 1 gigabyte (GB); the default size is 128 kilobytes (KB).

The archived files are differentiated by a suffix in the format .number.gz. The newest archived file is .0.gz and the oldest archived file is .(maximum number)-1.gz. When the current trace log file reaches the maximum size, it is compressed and renamed, and any existing archived files are renamed. This process repeats until the maximum number of archived files is reached, at which point the oldest file is overwritten.

For example, you can set the maximum file size to 2 MB, and the maximum number of files to 20. When the file that receives the output of the tracing operation, filename, reaches 2 MB, filename is compressed and renamed filename.0.gz, and a new file called filename is created. When the new filename reaches 2 MB, filename.0.gz is renamed filename.1.gz and filename is compressed and renamed filename.0.gz. This process repeats until there are 20 trace files. Then the oldest file, filename.19.gz, is simply overwritten when the next oldest file, filename.18.gz is compressed and renamed to filename.19.gz.

To configure the number and size of trace files:

  • Specify the name, number, and size of the file used for the trace output.

Configuring Access to the Control Plane DDoS Protection Log File

By default, only the user who configures the tracing operation can access the log files. You can enable all users to read the log file and you can explicitly set the default behavior of the log file.

To specify that all users can read the log file:

  • Configure the log file to be world-readable.

To explicitly set the default behavior, only the user who configured tracing can read the log file:

  • Configure the log file to be no-world-readable.

Configuring a Regular Expression for Control Plane DDoS Protection Messages to Be Logged

By default, the trace operation output includes all messages relevant to the logged events.

You can refine the output by including regular expressions to be matched.

To configure regular expressions to be matched:

  • Configure the regular expression.

Configuring the Control Plane DDoS Protection Tracing Flags

By default, only important events are logged. You can specify which events and operations are logged by specifying one or more tracing flags.

To configure the flags for the events to be logged:

  • Configure the flags.

Configuring the Severity Level to Filter Which Control Plane DDoS Protection Messages Are Logged

The messages associated with a logged event are categorized according to severity level. You can use the severity level to determine which messages are logged for the event type. The severity level that you configure depends on the issue that you are trying to resolve. In some cases you might be interested in seeing all messages relevant to the logged event, so you specify all or verbose. Either choice generates a large amount of output. You can specify a more restrictive severity level, such as notice or info to filter the messages . By default, the trace operation output includes only messages with a severity level of error.

To configure the type of messages to be logged:

  • Configure the message severity level.