traceoptions (Services IPsec VPN)
Syntax
traceoptions {
file <filename> <files number> <match regular-expression> <size bytes> <world-readable | no-world-readable>;
flag flag;
level level;
no-remote-trace;
}
Hierarchy Level
[edit services ipsec-vpn]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Configure IPsec tracing operations. By default, messages are written to /var/log/kmd.
Options
files number—Maximum number of trace data files.
Range: 2 through 1000
flag flag—Tracing
operation to perform:
all—Trace everything.certificates—Trace certificates that apply to the IPsec service set.database—Trace security associations database events.general—Trace general events.ike—Trace IKE module processing.parse—Trace configuration processing.policy-manager—Trace policy manager processing.routing-socket—Trace routing socket messages.snmp—Trace SNMP operations.timer—Trace internal timer events.
level level—Key
management process (kmd) tracing level. The following values are supported:
all—Match all levels.error—Match error conditions.info–Match informational messages.notice—Match conditions that should be handled specially.verbose—Match verbose messages.warning—Match warning messages.
size bytes—Maximum trace
file size.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 7.5.
level option added in Junos OS Release 10.0.