Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


traceoptions (Security Log)


Hierarchy Level


Configure security log tracing options.


  • file—Configure the trace file options.

    • filename—Name of the file to receive the output of the tracing operation. Enclose the name within quotation marks. All files are placed in the directory /var/log. By default, the name of the file is the name of the process being traced.

    • files number—Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed to trace-file.0, then trace-file.1, and so on, until the maximum number of trace files is reached. The oldest archived file is overwritten.

      If you specify a maximum number of files, you also must specify a maximum file size with the size option and a filename.

      Range: 2 through 1000 files

      Default: 10 files

    • match regular-expression—Refine the output to include lines that contain the regular expression.

    • size maximum-file-size—Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed trace-file.0. When the trace-file again reaches its maximum size, trace-file.0 is renamed trace-file.1 and trace-file is renamed trace-file.0. This renaming scheme continues until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

      If you specify a maximum file size, you also must specify a maximum number of trace files with the files option and a filename.

      Syntax: x K to specify KB, x m to specify MB, or x g to specify GB

      Range: 10 KB through 1 GB

      Default: 128 KB

    • world-readable | no-world-readable—By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

  • flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.

    • all—Trace with all flags enabled

    • configuration—Trace configuration events

    • hpl— Trace HPL logging

    • report— Trace report

    • source—Communicate with security log forwarder

  • no-remote-trace—Set remote tracing as disabled.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

Release Information

Statement modified in Junos OS Release 9.2.

The [edit logical-systems name security log] and [edit tenants tenant-name security log] hierarchy levels introduced in Junos OS Release 19.1R1.