Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

traceoptions (Services SSL)

Syntax

Hierarchy Level

Description

CAUTION:

Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.

Specify the trace file information.

Debug tracing on both Routing Engine and the Packet Forwarding Engine can be enabled for SSL proxy by using [edit services ssl traceoptions] command.

Options

  • file-name—Specify the name of file in which to write trace information.

    • files—Specify the maximum number of trace files. Range: 2 to 1000.

    • match—Specify the regular expression for lines to be logged. This statement is supported on the SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall.

    • no-world-readable size—Do not allow any user to read the log file.

    • size—Specify the maximum trace file size. Range: 10,240 to 1,073,741,824.

    • world-readable—Allow any user to read the log file.

  • flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

    • all—Trace all the parameters.

    • cli-configuration—Trace CLI configuration events.

    • initiation—Trace initiation service events.

    • proxy—Trace proxy service events.

    • selected-profile—Trace events for profiles with enable-flow-tracing set.

    • termination—Trace termination service events.

  • level—Set the level of debugging the output option.

    • brief—Match brief messages.

    • detail—Match detail messages.

    • extensive—Match extensive messages.

    • verbose—Match verbose messages.

  • no-remote-trace—Set remote tracing as disabled.

  • packet-filter—Set packet filter to capture the traffic details.

    • destination-ip ipvaddress—Specify a destination IP address.

      Range—1 through 65535

    • destination-port port-number—Specify a destination port.

    • source-ip ip-address—Specify a source IP address.

    • source-port port-number—Specify a source IP port.

      Range—1 through 65535

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1X44-D10. This statement is supported on the SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall. Junos OS Release 19.3R1 introduces packet-filter statement.

Related Documentation