The JUNOS software trace function provides a tool for applications to write security debugging information to a file. The information that appears in this file is based on criteria you set. You can use this information to analyze security application issues.
The trace function operates in a distributed manner, with each thread writing to its own trace buffer. These trace buffers are then collected at one point, sorted, and written to trace files. Trace messages are delivered using the IPC (InterProcess Communications) protocol. Trace messages have a lower priority than control protocol packets such as BGP, OSPF, and IKE, so their delivery is not considered to be as reliable.
For flow trace options, you can define a packet filter using combinations of destination-port, destination-prefix, interface, protocol, source-port, and source-prefix. If the security flow trace flag for a certain module is set, the packet matching the specific packet filter triggers flow tracing and writes debugging information to the trace file.
The following example displays the options you can set by using security flow traceoptions:
- user@host # set security flow traceoptions packet-filter filter1 destination-port imap
- user@host # set security flow traceoptions packet-filter filter1 destination-prefix 1.2.3.4
- user@host # set security flow traceoptions packet-filter filter1 interface fxp0
- user@host # set security flow traceoptions packet-filter filter1 protocol tcp
- user@host # set security flow traceoptions packet-filter filter1 source-port http
- user@host # set security flow traceoptions packet-filter filter1 source-prefix 5.6.7.8
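As an added example (not part of the original page), the configuration below combines several criteria to trace one IMAP conversation in both directions. Criteria inside a single packet filter must all match, while a packet that matches any one of the configured filters is traced, so the return traffic needs its own filter. The filter names `imap-fwd` and `imap-rev`, the trace file name, the file size and count, and the choice of the `basic-datapath` flag are assumptions made for illustration.

```junos
# Added example; names and sizes are illustrative assumptions.
# Write trace output to a bounded, rotated file.
set security flow traceoptions file flow-trace-imap size 1m files 3
# A flow trace flag must be set for matching packets to be traced.
set security flow traceoptions flag basic-datapath

# Forward direction: client 5.6.7.8 -> server 1.2.3.4, TCP, destination port imap.
set security flow traceoptions packet-filter imap-fwd protocol tcp
set security flow traceoptions packet-filter imap-fwd source-prefix 5.6.7.8
set security flow traceoptions packet-filter imap-fwd destination-prefix 1.2.3.4
set security flow traceoptions packet-filter imap-fwd destination-port imap

# Return direction: server 1.2.3.4 -> client 5.6.7.8, TCP, source port imap.
set security flow traceoptions packet-filter imap-rev protocol tcp
set security flow traceoptions packet-filter imap-rev source-prefix 1.2.3.4
set security flow traceoptions packet-filter imap-rev source-port imap
set security flow traceoptions packet-filter imap-rev destination-prefix 5.6.7.8
```

Delete or deactivate the `traceoptions` statements once the capture is complete, because flow tracing adds processing load and the trace file records details of the matched traffic.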