Switching

 View Only
last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  remove message from syslog

    Posted 12-10-2019 12:46

    Hello,

     

    I'm trying to figure out why I can't stop a particular error message from filling up the logs on my syslog server. I've put a match in place already that should be stopping them, but for some reason the events keep showing on my syslog.

     

    It's a known issue with the ex2300 apparently, and I get all kinds of the these mac_add and mac_delete events:

    https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1352722

     

    I have the following filter in place to remove these, and a few others:

    set system syslog file messages match "!(ifd null)|(pfe_bcm_l2_mac_add)|(pfe_bcm_l2_mac_delete)|(.*loadDefaultService:: supported on tomcat only.*)"

     

    Am I missing something ? 



  • 2.  RE: remove message from syslog

     
    Posted 12-10-2019 13:23

    Hi trink408,

     

     Try adding regex    .*   to match any character before or after your matches. You can include them all in a single parenthesis and separate them using pipe:

     

    set system syslog file messages match "!(.*ifd null*.|.*pfe_bcm_l2_mac_add.*|.*pfe_bcm_l2_mac_delete.*|.*loadDefaultService:: supported on tomcat only.*)"

     

    Regards!

     

    Please mark as solved if it cleared your concern

     



  • 3.  RE: remove message from syslog

    Posted 12-10-2019 19:06

    Hi Trink, 

     

    Greetings, 

    From the link shared I understand that you want to filter the pfe_bcm_l2_mac_add and pfe_bcm_l2_mac_delete logs. We will have to modify the match condition as below:

     

    set system syslog file messages match "!(.*ifd null.*|.*pfe_bcm_l2_mac_add.*|.*pfe_bcm_l2_mac_delete.*|.*loadDefaultService:: supported on tomcat only.*)"

     

    Note: Any log entries that are prevented from being written to the log file will be lost and cannot be recovered.

     

    Please mark "Accept as solution" if this answers your query.

     

    Kudos are appreciated too! Smiley Happy 

     

    Regards,

    Sharat Ainapur



  • 4.  RE: remove message from syslog

    Posted 12-11-2019 04:42

    Thanks for the tips.

     

    I tried this method, but it still didn't stop the log events:

    set system syslog file messages match "!(.*ifd null.*|.*pfe_bcm_l2_mac_add.*|.*pfe_bcm_l2_mac_delete.*|.*loadDefaultService:: supported on tomcat only.*)"

     

    Is it worth restarting the syslog service or something to see if that helps? 



  • 5.  RE: remove message from syslog

    Posted 12-11-2019 05:03

    Below is my full syslog config, is part of the problem because I've called out syslog host any error, and then set syslog file messages any notice? 

     

    set system syslog user * any emergency
    set system syslog host xx.xxx.xx.xx.xxx any error
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file messages match "!(.*ifd null.*|.*pfe_bcm_l2_mac_add.*|.*pfe_bcm_l2_mac_delete.*|.*loadDefaultService:: supported on tomcat only.*)"
    set system syslog file interactive-commands interactive-commands any



  • 6.  RE: remove message from syslog
    Best Answer

    Posted 12-11-2019 06:06

    How I was using the match was the problem, I needed to add the match string to the syslog host, I only had it added to the local syslog file.

     

    This match fixed it:

     

    set system syslog host xxxxxxxxxxxxx match "!(.*ifd null.*|.*pfe_bcm_l2_mac_add.*|.*pfe_bcm_l2_mac_delete.*|.*loadDefaultService:: supported on tomcat only.*)"

     

    Thank you,