Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Example: Configuring traceoptions for logical systems

0

0

Article ID: KB32586 KB Last Updated: 11 May 2018Version: 1.0
Summary:

In some scenarios where multiple logical systems are involved, traceoptions must be applied for debugging purposes. However, traceoptions cannot be applied within logical systems; it must be configured in the root logical system and the lsys name called in the filter.

This article describes the step-by-step configuration of traceoptions for logical systems by using an example.

Solution:

To configure traceoptions in logical systems:

  1. Log in to the SRX device and enter configuration mode.

  2. Specify the file in which the debug log will be stored for "security flow":
    ​# set security flow ​traceoptions file flow-trace

    This sets the security flow debug file to the name flow-trace.

  3. Set the traceoptions flag:
    # set security flow traceoptions flag basic-datapath

    This sets ​traceoptions to perform a basic data flow.

  4. Use filters to reduce the volume of data:
    # set security flow traceoptions packet-filter pf1 source-prefix 198.20.20.2
  5. Add the logical system’s name in the packet filter.
    # set security flow traceoptions packet-filter pf1 logical-system LSYS-STS 

    This sets traceoptions to log traces for the specified logical systems.

  6. Issue commit to apply the configuration and exit configuration mode. Logging starts after the commit.
# commit and-quit

Viewing Debugs

The traceoptions debug files can be viewed with the show log <tracefilename> command.

For the above example, run the following command:

> show log flow-trace

Use additional options to match, trim, and find by using the pipe output (see the "Making Output More Readable" section in KB16108 - SRX Getting Started -- Configuring Traceoptions for Debugging and Trimming Output).

Stopping traceoptions

  • Enter deactivate <option> traceoptions to stop the trace. This is a good option if you need to activate the trace in the future.
  • Use activate <option> traceoptions to start capturing debug information again.
# deactivate security flow traceoptions
# commit

OR

  • If you want to delete the option, enter the delete <option> traceoptions command.
# delete security flow traceoptions
# commit

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search