
Tracing Address-Assignment Pool Processes

To trace address-assignment pool processes, you can specify flags in the traceoptions statement at the [edit system processes general-authentication-service] hierarchy level. The default tracing behavior is the following:

  • Important events are logged in a file called authd located in the /var/log directory.
  • When the file authd reaches 128 kilobytes (KB), it is renamed authd.0, then authd.1, and so on, until there are 3 trace files. Then the oldest trace file (authd.2) is overwritten. For more information about how log files are created, see the JUNOS System Log Messages Reference.
  • Log files can be accessed only by the user who configures the tracing operation.

You cannot change the directory (/var/log) in which trace files are located. However, you can customize the other trace file settings by including the following statements at the [edit system processes general-authentication-service] hierarchy level:

[edit system processes general-authentication-service]
traceoptions {
    file filename {
        files number;
        size maximum-file-size;
        world-readable | no-world-readable;
        match regex;
    }
    flag address-assignment;
    flag all;
    flag configuration;
    flag framework;
    flag ldap;
    flag local-authentication;
    flag radius;
}

The following topics describe the tasks for configuring tracing operations for address-assignment pools in detail:

  1. Configuring the Filename of the Address-Assignment Pool Trace Log
  2. Configuring the Number and Size of Address-Assignment Pool Processes Log Files
  3. Configuring Access to the Log File
  4. Configuring a Regular Expression for Lines to Be Logged
  5. Configuring Trace Operations

Configuring the Filename of the Address-Assignment Pool Trace Log

By default, the name of the file that records trace output for address-assignment pools is authd. You can specify a different name by including the file statement at the [edit system processes general-authentication-service] hierarchy level:

[edit system processes general-authentication-service traceoptions]
file filename;

Configuring the Number and Size of Address-Assignment Pool Processes Log Files

By default, when the trace file reaches 128 kilobytes (KB) in size, it is renamed filename.0, then filename.1, and so on, until there are 3 trace files. Then the oldest trace file (filename.2) is overwritten.

You can configure the limits on the number and size of trace files by including the following statement at the [edit system processes general-authentication-service traceoptions] hierarchy level:

[edit system processes general-authentication-service traceoptions]
file files number size size;

For example, set the maximum file size to 2 MB, and the maximum number of files to 20. When the file that receives the output of the tracing operation (filename) reaches 2 MB, filename is renamed filename.0, and a new file called filename is created. When the new filename reaches 2 MB, filename.0 is renamed filename.1 and filename is renamed filename.0. This process repeats until there are 20 trace files. Then the oldest file (filename.19) is overwritten by the newest file (filename.0).

The number of files can be from 2 through 1000 files. The file size of each file can be from 10 KB through 1 gigabyte (GB).

Configuring Access to the Log File

By default, log files can be accessed only by the user who configures the tracing operation.

To specify that any user can read all log files, include the file world-readable statement at the [edit system processes general-authentication-service traceoptions] hierarchy level:

[edit system processes general-authentication-service traceoptions]
file world-readable;

To explicitly set the default behavior, include the file no-world-readable statement at the [edit system processes general-authentication-service traceoptions] hierarchy level:

[edit system processes general-authentication-service traceoptions]
file no-world-readable;

Configuring a Regular Expression for Lines to Be Logged

By default, the trace operation output includes all lines relevant to the logged events.

You can refine the output by including the match statement at the [edit system processes general-authentication-service traceoptions file filename] hierarchy level and specifying a regular expression (regex) to be matched:

[edit system processes general-authentication-service traceoptions]
file filename match regex;

Configuring Trace Operations

By default, only important events are logged. You can configure the trace operations to be logged by including the following statements at the [edit system <process-name> traceoptions] hierarchy level:

[edit system <process-name> traceoptions]
flag {
    address-assignment;
    all;
    configuration;
    framework;
    ldap;
    local-authentication;
    no-remote-trace;
    radius;
}

You can specify the following access tracing flags:

  • address-assignment—All address-assignment events
  • all—All tracing operations
  • configuration—Configuration events
  • framework—Authentication framework events
  • ldap—LDAP authentication events
  • local-authentication—Local authentication events
  • no-remote-trace—Disable remote tracing for a specific process
  • radius—RADIUS authentication events
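
The five tasks above combined into one configuration, as an added example that is not part of the original documentation. The file name authd-pool and the match string are constructed values to adapt to your own trace output; the size and file count are the 2 MB and 20 files used in the example above.

```junos
system {
    processes {
        general-authentication-service {
            traceoptions {
                # authd-pool: constructed file name, written under /var/log
                # size 2m, files 20: rotate at 2 MB, keep up to 20 trace files
                # no-world-readable: keep the default, restricted file access
                # match "pool": constructed regex; only matching lines are logged
                file authd-pool size 2m files 20 no-world-readable match "pool";
                # Trace only the events of interest rather than "flag all"
                flag address-assignment;
                flag configuration;
            }
        }
    }
}
```

Keeping no-world-readable in the configuration makes the access restriction explicit, so a later review can confirm that the trace files were not opened to every user on the device.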

Published: 2009-07-15
