Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


traceoptions (DDoS)


Hierarchy Level


Define tracing operations for DDoS protection processes.


file filename—Name of the file to receive the output of the tracing operation. Enclose the filename within quotation marks. All files are placed in the directory /var/log.

files number—(Optional) Maximum number of trace files to create before overwriting the oldest one. If you specify a maximum number of files, you also must specify a maximum file size with the size option.

  • Range: 2 through 1000

  • Default: 3 files

flag flag—Tracing operation to perform. To specify more than one tracing operation, include multiple flag statements. You can include the following flags:

  • all—Trace all operations.

  • config—Trace processing of the DDoS configuration at an extensive level.

  • events—Trace jddosd event processing; currently only exit events are traced.

  • gres—Trace messages exchanged with the kernel and jddosd process that could affect graceful Routing Engine switchover (GRES).

  • init—Trace jddosd initialization.

  • ipc—Trace interface interprocess communication (IPC) messages.

  • memory—Trace memory management code. This flag is not currently supported.

  • protocol—Trace DDoS protocol state processing. Only the violation state is currently traced.

  • rtsock—Trace messages exchanged with the kernel and jddosd process.

  • signal—Trace system signals that are passed to jddosd, such as SIGTERM.

  • socket—Trace socket messages that are passed to jddosd from the Packet Forwarding Engine.

  • state—Trace state machine events. This flag is not currently supported.

  • timer—Trace jddosd timer events.

  • ui—Trace user interface processing. This flag is not currently supported.

level—Level of tracing to perform. You can specify any of the following levels:

  • all—Match all levels.

  • error—Match error conditions.

  • info—Match informational messages.

  • notice—Match notice messages about conditions requiring special handling.

  • verbose—Match verbose messages.

  • warning—Match warning messages.

match regular-expression—(Optional) Refine the output to include lines that contain the regular expression.

no-remote-trace—Disable remote tracing.

no-world-readable—(Optional) Disable unrestricted file access.

size maximum-file-size—(Optional) Maximum size of each trace file. By default, the number entered is treated as bytes. Alternatively, you can include a suffix to the number to indicate kilobytes (KB), megabytes (MB), or gigabytes (GB). If you specify a maximum file size, you also must specify a maximum number of trace files with the files option.

  • Syntax: sizek to specify KB, sizem to specify MB, or sizeg to specify GB

  • Range: 10,240 through 1,073,741,824

world-readable—(Optional) Enable unrestricted file access.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.2.

Support for Enhanced Subscriber Management added in Junos OS Release 17.3R1.