traceoptions (Security PKI)

Syntax

Hierarchy Level

Description

Configure security public key infrastructure (PKI) trace options. To specify more than one trace option, include multiple flag statements. Trace option output is recorded in the /var/log/pkid file.

Options

`file filename`	Name of the file to receive the output of the tracing operation. Enclose the name within quotation marks. To include the `file` statement, you must specify a filename.
`files number`	(Optional) Maximum number of trace files. When a trace file (for example, `pkid`) reaches its maximum size, it is renamed `pkid.0`, then `pkid.1`, and so on, until the maximum number of trace files is reached. When the maximum number is reached, the oldest trace file is overwritten. If you specify a maximum number of files, you must also specify a maximum file size with the `size` option.

Range: 2 through 1000 files

Default: 2 files

flag

Trace operation to perform. To specify more than one trace operation, include multiple flag statements:

`all`	Trace with all flags enabled.
`certificate-verification`	Trace PKI certificate verification events.
`online-crl-check`	Trace PKI online certificate revocation list (CRL) events.
`enrollment`	PKI certificate enrollment tracing.

match regular-expression

(Optional) Refine the output to include lines that contain the regular expression.

size maximum-file-size

(Optional) Maximum size of each trace file, in kilobytes (KB). If you specify a maximum file size, you also must specify a maximum number of trace files with the files number option.

Default: 1024 KB

world-readable | no-world-readable

(Optional) By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

ON THIS PAGE