[an error occurred while processing this directive] [an error occurred while processing this directive]

Configuring Tracing Operations for Access Processes

To trace access processes, you can specify options in the traceoptions statement at the [edit access] hierarchy level. The default tracing behavior is the following:

  • Important events are logged in a file called accessd located in the /var/log directory.
  • When the file accessd reaches 128 kilobytes (KB), it is renamed accessd.0, then accessd.1 and so on, until there are 3 trace files. Then the oldest trace file (accessd2. is overwritten. For more information about how log files are created, see the JUNOS System Log Messages Reference.
  • Log files can be accessed only by the user who configures the tracing operation.

You cannot change the directory (/var/log) in which trace files are located. However, you can customize the other trace file settings by including the following statements at the [edit access traceoptions] hierarchy level:

[edit access]
traceoptions {
file filename {
files number;
size maximum-file-size;
world-readable | no-world-readable;
match regex;
}
flag all;
flag authentication;
flag chap;
flag configuration;
flag kernel;
flag radius;
}

Tasks for configuring tracing operations are:

  1. Configuring the Access Processes Log Filename
  2. Configuring the Number and Size of Access Processes Log Files
  3. Configuring Access to the Log File
  4. Configuring a Regular Expression for Lines to Be Logged
  5. Configuring the Trace Operations to Be Logged

Configuring the Access Processes Log Filename

By default, the name of the file that records trace output is accessd.

To specify a different name, include the file statement at the [edit traceoptions] hierarchy level:

[edit access traceoptions]
file filename;

Configuring the Number and Size of Access Processes Log Files

By default, when the trace file reaches 128 kilobytes (KB) in size, it is renamed filename.0, then filename.1, and so on, until there are 3 trace files. Then the oldest trace file (filename.2) is overwritten.

To configure the limits on the number and size of trace files, include the following statements at the [edit access traceoptions] hierarchy level:

[edit access traceoptions]
file files number size size;

For example, set the maximum file size to 2 MB, and the maximum number of files to 20. When the file that receives the output of the tracing operation (filename) reaches 2 MB, filename is renamed filename.0, and a new file called filename is created. When the new filename reaches 2 MB, filename.0 is renamed filename.1 and filename is renamed filename.0. This process repeats until there are 20 trace files. Then the oldest file (filename.19) is overwritten by the newest file (filename.0).

The number of files can be from 2 through 1000 files. The file size of each file can be from 10 KB through 1 gigabyte (GB).

Configuring Access to the Log File

By default, log files can be accessed only by the user who configures the tracing operation.

To specify that any user can read all log files, include the file world-readable statement at the [edit access traceoptions] hierarchy level:

[edit access traceoptions]
file world-readable;

To explicitly set the default behavior, include the file no-world-readable statement at the [edit event-options traceoptions] hierarchy level:

[edit access traceoptions]
file no-world-readable;

Configuring a Regular Expression for Lines to Be Logged

By default, the trace operation output includes all lines relevant to the logged events.

You can refine the output by including the match statement at the [edit access traceoptions file filename] hierarchy level and specifying a regular expression (regex) to be matched:

[edit access traceoptions]
file filename match regex;

Configuring the Trace Operations to Be Logged

By default, only important events are logged. You can configure the trace operations to be logged by including the following statements at the [edit access traceoptions] hierarchy `level:

[edit access traceoptions]
flag {
all;
authentication;
chap;
configuration;
kernel
radius;
}

You can specify the following access tracing flags:

  • all—All tracing operations
  • authentication—All authentication module handling
  • chap—All CHAP messages and handling
  • configuration—Reading of configuration
  • kernel—Send all configuration messages to the kernel
  • radius—All RADIUS messages and handling

Published: 2009-07-15

[an error occurred while processing this directive]