Syslog
Junos syslog is configured at the [edit system syslog] hierarchy level. System log messages can be directed to the following destinations: (console | file filename | host destination | user username):
root@r1# set system syslog ?
Possible completions:
allow-duplicates Do not suppress the repeated message for all targets
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> archive Archive file information
> console Console logging
> file File in which to log data
> grpc-replay GRPC streaming
> host Host to be notified
log-rotate-frequency Rotate log frequency (1..59 minutes)
routing-instance Routing instance
> server Enable syslog server
source-address Use specified address as source address
> time-format Additional information to include in system log timestamp
> user Notify a user of the event
For every destination we must specify a facility and a severity:
set system syslog console facility severity
set system syslog file file-name facility severity
set system syslog host host-ip facility severity
set system syslog user user-name facility severity
The Junos OS system logging facilities that you can specify in configuration statements:
| Facility (number) | Type of Event or Error |
|---|---|
| kernel (0) | The Junos OS kernel performs actions and encounters errors. |
| user (1) | User-space processes perform actions or encounter errors. |
| daemon (3) | System processes perform actions or encounter errors. |
| authorization (4) | Authentication and authorization attempts. |
| ftp (11) | FTP performs actions or encounters errors. |
| ntp (12) | Network Time Protocol performs actions or encounters errors. |
| dfc (17) | Events related to dynamic flow capture. |
| external (18) | The local external applications perform actions or encounter errors. |
| firewall (19) | The firewall filter performs packet filtering actions. |
| pfe (20) | The Packet Forwarding Engine performs actions or encounters errors. |
| conflict-log (21) | Specified configuration is invalid on the router type. |
| change-log (22) | Changes to the Junos OS configuration. |
| interactive-commands (23) | A client application such as a Junos XML protocol or NETCONF XML client issues commands at the Junos OS command-line interface (CLI) prompt. |
And the Severity levels:
| Value | Severity Level | Description |
|---|---|---|
| N/A | none | Disables logging of the associated facility to a destination. |
| 0 | emergency | System panic or other condition that causes the router to stop functioning. |
| 1 | alert | Conditions that require immediate correction, such as a corrupted system database. |
| 2 | critical | Critical conditions, such as hard errors. |
| 3 | error | Error conditions that generally have less serious consequences than errors at the emergency, alert, and critical levels. |
| 4 | warning | Conditions that warrant monitoring. |
| 5 | notice | Conditions that are not errors but might warrant special handling. |
| 6 | info | Events or non-error conditions of interest. |
| 7 | any | Includes all severity levels. |
The levels from emergency through info are in the order from highest severity (greatest effect on functioning) to lowest. Unlike the other severity levels, the none level disables logging of a facility instead of indicating how seriously a triggering event affects routing functions.
When you configure a specific severity level for logging, the system logs messages at that level and at higher (more severe) levels. For example, if you configure ‘error’ (level 3), the system logs messages at levels 0 (emergency), 1 (alert), 2 (critical), and 3 (error) but does not log at levels 4 through 7.
The CLI completion output below lists the available facilities, followed by the severity levels:
root@r1# set system syslog file messages ?
Possible completions:
allow-duplicates Do not suppress the repeated message
any All facilities
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> archive Archive file information
authorization Authorization system
change-log Configuration change log
conflict-log Configuration conflict log
daemon Various system processes
dfc Dynamic flow capture
explicit-priority Include priority and facility in messages
external Local external applications
firewall Firewall filtering system
ftp FTP process
interactive-commands Commands executed by the UI
kernel Kernel
match Regular expression for lines to be logged
+ match-strings Matching string(s) for lines to be logged
ntp NTP process
pfe Packet Forwarding Engine
security Security related
> structured-data Log system message in structured format
user User processes
[edit]
root@r1# set system syslog file messages any ?
Possible completions:
alert Conditions that should be corrected immediately
any All levels
critical Critical conditions
emergency Panic conditions
error Error conditions
info Informational messages
none No messages
notice Conditions that should be handled specially
warning Warning messages
Here is a configuration example for syslog:
set system syslog console daemon warning
set system syslog file messages any any
set system syslog host 192.0.2.1 any notice
set system syslog user noc pfe error
set system syslog archive files 5 size 3m
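The severity threshold rule and the example configuration above, worked through as an added Python example (not code from the original page or from Juniper): it parses the `set system syslog` selector lines and reports which destinations would log a message of a given facility and severity. It assumes that a facility-specific statement takes precedence over `any` for that facility on the same destination; the function names are illustrative.

```python
# Severity names and values as given in the page's severity table.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "any": 7}
FACILITIES = set("any kernel user daemon authorization ftp ntp dfc external firewall "
                 "pfe conflict-log change-log interactive-commands security".split())

# The page's example configuration (the archive line is not a selector).
EXAMPLE_CONFIG = """\
set system syslog console daemon warning
set system syslog file messages any any
set system syslog host 192.0.2.1 any notice
set system syslog user noc pfe error
"""

def parse_selectors(config):
    """Return {destination: {facility: threshold}}; threshold None means 'none'."""
    table = {}
    for line in config.splitlines():
        words = line.split()
        if (len(words) < 6 or words[:3] != ["set", "system", "syslog"]
                or words[3] not in ("console", "file", "host", "user")):
            continue
        if words[3] == "console":
            dest, rest = "console", words[4:]
        else:
            dest, rest = f"{words[3]} {words[4]}", words[5:]
        # Skip per-destination options (archive, match, ...) that are not selectors.
        if len(rest) != 2 or rest[0] not in FACILITIES or rest[1] not in (*SEVERITY, "none"):
            continue
        table.setdefault(dest, {})[rest[0]] = SEVERITY.get(rest[1])
    return table

def destinations_for(table, facility, severity):
    """Destinations that log a message with this facility and severity name."""
    level = SEVERITY[severity]
    hits = []
    for dest, selectors in table.items():
        # Assumption: a facility-specific statement overrides 'any' for that facility.
        threshold = selectors.get(facility, selectors.get("any"))
        # Logged when the message is at least as severe (numerically <=) as the threshold.
        if threshold is not None and level <= threshold:
            hits.append(dest)
    return sorted(hits)
```

With the example configuration, an `authorization` message at `info` reaches only the local `messages` file, because the remote host selector is `any notice`.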