traceoptions (flow)
Syntax
traceoptions {
file< filename><files files><match match><size size><(world-readable | no-world-readable)>;
flag name;
local-debug-buf {
size size;
}
no-remote-trace;
packet-filter name {
conn-tag conn-tag;
destination-port(afs | bgp | biff | bootpc | bootps | cmd | cvspserver | dhcp | domain | eklogin | ekshell | exec | finger | ftp | ftp-data | http | https | ident | imap | kerberos-sec | klogin | kpasswd | krb-prop | krbupdate | kshell | ldap | ldp | login | mobileip-agent | mobilip-mn | msdp | netbios-dgm | netbios-ns | netbios-ssn | nfsd | nntp | ntalk | ntp | pop3 | pptp | printer | radacct | radius | range | rip | rkinit | smtp | snmp | snmptrap | snpp | socks | ssh | sunrpc | syslog | tacacs | tacacs-ds | talk | telnet | tftp | timed | who | xdmcp | zephyr-clt | zephyr-hm | zephyr-srv);
destination-prefix destination-prefix;
interface interface;
protocol(ah | egp | esp | gre | icmp | icmp6 | igmp | ipip | number | ospf | pim | rsvp | sctp | tcp | udp);
source-port(afs | bgp | biff | bootpc | bootps | cmd | cvspserver | dhcp | domain | eklogin | ekshell | exec | finger | ftp | ftp-data | http | https | ident | imap | kerberos-sec | klogin | kpasswd | krb-prop | krbupdate | kshell | ldap | ldp | login | mobileip-agent | mobilip-mn | msdp | netbios-dgm | netbios-ns | netbios-ssn | nfsd | nntp | ntalk | ntp | pop3 | pptp | printer | radacct | radius | range | rip | rkinit | smtp | snmp | snmptrap | snpp | socks | ssh | sunrpc | syslog | tacacs | tacacs-ds | talk | telnet | tftp | timed | who | xdmcp | zephyr-clt | zephyr-hm | zephyr-srv);
source-prefix source-prefix;
}
rate-limit rate-limit;
root-override;
trace-level {
(brief | detail | minimal);
}
}Hierarchy Level
[edit logical-systems name security flow]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Starting in Junos OS Release 24.2R1, we support local-debug-buf option
to configure number of lines for the flow local trace buffer, and the maximum lines
allowed is 40,000. A new flag packet-track has been introduced to get
information about the packet being handled in SRX data path, The flag
packet-track should be configured in root logical system. To track
information about the packets in non root logical system use the option
root-override along with flag packet-track.
Options
| no-remote-trace |
Disable remote tracing |
| rate-limit |
Limit the incoming rate of trace messages
|
| root-override |
Allow collect flow trace in root from all logical-systems and tenants |
| trace-level |
Flow trace level
|
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 24.2R1.