To trace address-assignment pool processes, you can specify flags in the traceoptions statement at the [edit system processes general-authentication-service] hierarchy level. The default tracing behavior is the following:
You cannot change the directory (/var/log) in which trace files are located. However, you can customize the other trace file settings by including the following statements at the [edit system processes general-authentication-service] hierarchy level:
- [edit system processes general-authentication-service]
-
traceoptions {
-
- file filename {
- files number;
- size maximum-file-size;
- world-readable | no-world-readable;
- match regex;
- }
- flag address-assignment;
- flag all;
- flag configuration;
- flag framework;
- flag ldap;
- flag local-authentication;
- flag radius;
- }
These options are described in the following sections:
By default, the name of the file that records trace output for address-assignment pools is authd. You can specify a different name by including the file statement at the [edit system processes general-authentication-service] hierarchy level:
- [edit system processes general-authentication-service traceoptions]
- file filename;
By default, when the trace file reaches 128 kilobytes (KB) in size, it is renamed filename.0, then filename.1, and so on, until there are 3 trace files. Then the oldest trace file (filename.2) is overwritten.
You can configure the limits on the number and size of trace files by including the following statement at the [edit system processes general-authentication-service traceoptions] hierarchy level:
- [edit system processes general-authentication-service traceoptions]
- file files number size size;
For example, set the maximum file size to 2 MB, and the maximum number of files to 20. When the file that receives the output of the tracing operation (filename) reaches 2 MB, filename is renamed filename.0, and a new file called filename is created. When the new filename reaches 2 MB, filename.0 is renamed filename.1 and filename is renamed filename.0. This process repeats until there are 20 trace files. Then the oldest file (filename.19) is overwritten by the newest file (filename.0).
The number of files can be from 2 through 1000 files. The file size of each file can be from 10 KB through 1 gigabyte (GB).
By default, log files can be accessed only by the user who configures the tracing operation.
To specify that any user can read all log files, include the file world-readable statement at the [edit system processes general-authentication-service traceoptions] hierarchy level:
- [edit system processes general-authentication-service traceoptions]
- file world-readable;
To explicitly set the default behavior, include the file no-world-readable statement at the [edit system processes general-authentication-service traceoptions] hierarchy level:
- [edit system processes general-authentication-service traceoptions]
- file no-world-readable;
By default, the trace operation output includes all lines relevant to the logged events.
You can refine the output by including the match statement at the [edit system processes general-authentication-service file filename] hierarchy level and specifying a regular expression (regex) to be matched:
- [edit system processes general-authentication-service traceoptions]
- file filename match regex;
By default, only important events are logged. You can configure the trace operations to be logged by including the following statements at the [edit system processes general-authentication-service traceoptions] hierarchy level:
- [edit system processes general-authentication-service traceoptions]
- flag {
- address-assignment;
- all;
- configuration;
- framework;
- ldap;
- local-authentication;
- radius;
- }
You can specify the following access tracing flags: