SRX

Expand all | Collapse all

trimming message logs

Jump to Best Answer
  • 1.  trimming message logs

     
    Posted 06-30-2019 18:35

    Hi all,

    I've tried a little bit but I need more efficient command to get only IP address from the a high number of the following the same MSRPC message logs but with different IP addresses.

     

     

    Jul 1 10:07:13 xxxxxx junos-alg: RT_ALG_WRN_CFG_NEED: MSRPC ALG detected packet from 10.10.31/49737 which need extra policy config with UUID:f309ad18-d86a-11d0-a075-00c04fb68820 or 'junos-ms-rpc-any' to let it pass-through on ASL session

     

    Shortly what I want to see is like:

    10.10.31/59737
    10.11.15/39737
    10.105.20/55737
    10.118.120/59737
    10.101.115/39737
    10.111.120/55737
    .
    ..
    ...
    ....
    ....



  • 2.  RE: trimming message logs

    Posted 06-30-2019 19:20

    Hello Arix,

     

    You use the "trim" command to trim specified number of columns from start of the line.

    For example:

    Without using trim command, the output would be this:

    root@XXXXXX> show log messages

    Jul 1 10:07:13 xxxxxx junos-alg: RT_ALG_WRN_CFG_NEED: MSRPC ALG detected packet from 10.10.31/49737

     

    With using the trim command the output would be this:

    root@XXXXXX> show log messages | match junos-alg | trim 85

     

    10.10.31/49737

     

    You need to count the number of columns you need to trim based on what logs you are viewing. Hope this helps.

     

    Regards,

    Prakash



  • 3.  RE: trimming message logs
    Best Answer

     
    Posted 06-30-2019 20:43

    No skprakash, it didn;t work... see the following:

     

    >show log messages | match junos-alg | trim 85


    t from 10.10.3.22/64751 which need extra policy config with UUID:f309ad18-d86a-11d0-a075-00c04fb68820 or 'junos-ms-rpc-any' to let it pass-through on ASL session

     

    I want to see only ip address and ports not rest of them....



  • 4.  RE: trimming message logs

     
    Posted 06-30-2019 21:08

    Hi,

     

    I would rather use grep and awk. Is this ok for you?

     

    root@srx>start shell

    root@srx% cd /var/log/

     

    root@srx% cat messages
    Jul 1 10:07:13 xxxxxx junos-alg: RT_ALG_WRN_CFG_NEED: MSRPC ALG detected packet from 10.10.31/49737 which need extra policy config with UUID:f309ad18-d86a-11d0-a075-00c04fb68820 or 'junos-ms-rpc-any' to let it pass-through on ASL session


    root@srx% cat messages | grep RT_ALG_WRN_CFG_NEED | awk '{print $12}'
    10.10.31/49737

     

    I hope this helps. Regards,

     

    Vikas



  • 5.  RE: trimming message logs

     
    Posted 07-01-2019 03:48

    Hi Nelumbo,

    How can be done the same output by junos cli?



  • 6.  RE: trimming message logs

    Posted 07-01-2019 04:27

    From 15.1X49 onwards, you can execute shell commands without going to shell using below cli. The argument 'command' is hidden by default:

    start shell sh command "cat /var/log/messages | grep RT_ALG_WRN_CFG_NEED | awk '{print $12}'" 

     



  • 7.  RE: trimming message logs

     
    Posted 07-01-2019 16:37

    Hi all,

    The following command is working at the Junos CLI level. No problem.

    >start shell sh command "cat /var/log/messages | grep RT_ALG_WRN_CFG_NEED | awk '{print $12}'" 

     

    But I am still concerning about it should be a junos CLI command to get same output.

    Like CLI below, you are getting only output that exactly you needed. 

    >show interfaces ge-0/0/0 extensive | match "^ +[0-7]| counter:" | except none$

     

    Any one has any ideas about my 2 previous post?



  • 8.  RE: trimming message logs

    Posted 07-01-2019 18:12
    Unfortunately, there is no Junos cli command to extract a specific word or item only from a single line of message or output.