Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

traceoptions (General Authentication Service)

Syntax

Hierarchy Level

Description

CAUTION:

Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.

Configure tracing options for the general authentication service.

Options

file filename—Name of the file to receive the output of the tracing operation. All files are placed in the directory /var/log.

files number—(Optional) Maximum number of trace files to create before overwriting the oldest one. If you specify a maximum number of files, you also must specify a maximum file size with the size option.

  • Range: 2 through 1000

  • Default: 3 files

filter—Additional filter to refine the output to display particular subscribers. Filtering based on the following subscriber identifier simplifies troubleshooting in a scaled environment.

  • user user@domain—Username of a subscriber. Optionally use an asterisk (*) as a wildcard to substitute for characters at the beginning or end of either term or both terms.

flag flag—Tracing operation to perform. To specify more than one tracing operation, include multiple flag statements. You can include the following flags:

  • address-assignment—Trace address-assignment pool events

  • all—Trace all tracing operations

  • configuration—Trace configuration events

  • framework—Trace authentication framework events

  • gx-plus—Trace Gx-Plus events

  • jsrc—Trace JSRC events

  • ldap—Trace LDAP authentication events

  • local-authentication—Trace local authentication events

  • radius—Trace RADIUS authentication events

  • user-access—Trace user access events, such as login, logout, and authenticate.

match regular-expression—(Optional) Refine the output to include lines that contain the regular expression.

no-remote-trace—Disable remote tracing.

no-world-readable—(Optional) Disable unrestricted file access.

size maximum-file-size—(Optional) Maximum size of each trace file. By default, the number entered is treated as bytes. Alternatively, you can include a suffix to the number to indicate kilobytes (KB), megabytes (MB), or gigabytes (GB). If you specify a maximum file size, you also must specify a maximum number of trace files with the files option.

  • Syntax: sizek to specify KB, sizem to specify MB, or sizeg to specify GB

  • Range: 10240 through 1073741824

  • Default: 128 KB

world-readable—(Optional) Enable unrestricted file access.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.0.

Related Documentation