Routing


logfile turned over due to -F request and events logged

  • 1.  logfile turned over due to -F request and events logged

    Posted 11-11-2018 23:21

    > show log messages
    Nov 10 09:50:27 MOZZAZ_SRX340 newsyslog[93146]: logfile turned over due to -F request

    No logs are found in the log messages, and URL access logs are also not working.



  • 2.  RE: logfile turned over due to -F request and events logged

    Posted 11-12-2018 00:16

    There can be many reasons for this.

    Please start by providing configuration snippets for 'show configuration security log' and 'show configuration system syslog'.

    My guess is that you have enabled stream logging or haven't defined a syslog statement for local traffic flow logging. Please also remember to include a log statement on relevant security policies.



  • 3.  RE: logfile turned over due to -F request and events logged

    Posted 11-12-2018 00:31

    @MOZZAZ_SRX340> show configuration security log
    mode event;

    MOZZAZ_SRX340# run show configuration system syslog
    archive size 100k files 3;
    user * {
        any emergency;
    }
    file interactive-commands {
        interactive-commands any;
    }
    file LogsWeb {
        any any;
        archive size 1024000000 files 1;
        structured-data;
    }
    file Logs {
        any any;
        archive size 1024000000 files 1;
        structured-data;
    }


  • 4.  RE: logfile turned over due to -F request and events logged

    Posted 11-12-2018 02:46

    Can you confirm that you have "permit log session-init" and/or "permit log session-close" on your security policies?

    At the same time, please provide the output of 'file list /var/log/'.

    What if you do 'show log LogWeb' - are any data shown?



  • 5.  RE: logfile turned over due to -F request and events logged

    Posted 11-12-2018 03:39

    "permit log session-init" and/or "permit log session-close": Yes, it's configured in the policies.

    @MOZZAZ_SRX340> file list /var/log/

    /var/log/:
    Logs
    Logs.0.gz
    Logs.1.gz
    Logs.2.gz
    LogsWeb
    __jsrpd_commit_check__
    aamwd_chk_only
    appidd
    authd_libstats
    authd_profilelib
    authd_sdb.log
    autod
    bin_messages
    chassisd
    cosd
    cscript.log
    da_cs_log_clt_6_0
    da_cs_log_dummy
    da_cs_log_svr_6_0
    dcd
    dcd_commit_check
    debug_wmid.1
    dfwc
    eccd
    ext/
    flowc/
    fpc_poweron_seq.log
    fwauthd_chk_only
    ggsn/
    gres-tp
    group_db.log
    httpd.log
    idpd_err
    idpinfo_err
    install
    interactive-commands
    interactive-commands.0.gz
    interactive-commands.1.gz
    interactive-commands.2.gz
    inventory
    ipfd
    ipfd_chk_only
    jam_chassisd
    jam_cosd
    jam_dcd
    jam_dfwd
    jam_l2ald
    jam_tnp.bootpd
    jdhcpd_era_discover.log
    jdhcpd_era_discover.log.0
    jdhcpd_era_discover.log.1
    jdhcpd_era_discover.log.2
    jdhcpd_era_discover.log.3
    jdhcpd_era_solicit.log
    jdhcpd_era_solicit.log.0
    jdhcpd_era_solicit.log.1
    jdhcpd_era_solicit.log.2
    jdhcpd_era_solicit.log.3
    jdhcpd_era_v4_blq.log
    jdhcpd_era_v4_blq.log.0
    jdhcpd_era_v4_blq.log.1
    jdhcpd_era_v4_blq.log.2
    jdhcpd_era_v4_blq.log.3
    jdhcpd_era_v6_blq.log
    jdhcpd_era_v6_blq.log.0
    jdhcpd_era_v6_blq.log.1
    jdhcpd_era_v6_blq.log.2
    jdhcpd_era_v6_blq.log.3
    jdhcpd_sdb.log
    jnud
    jsrpd
    kmd
    license
    license_subs_trace.log
    mastership
    messages
    messages.0.gz
    messages.1.gz
    messages.2.gz
    messages.3.gz
    nginx.log
    nsd
    nsd_chk_only
    nstraced
    nstraced_chk_only
    op-script.log
    pcre_db.log
    pfed_jdhcpd_trace.log
    rexp_db.log
    rtlog_file
    rtlogd
    snapshot
    userid_chk_only
    utmd-av
    vital/
    wtmp
    wtmp.0.gz
    wtmp.1.gz

    @MOZZAZ_SRX340> show log LogWeb
    error: could not resolve file: LogWeb



  • 6.  RE: logfile turned over due to -F request and events logged

    Posted 11-12-2018 04:28

    I made a typo - should have been 'show log LogsWeb'... Overall it looks right: logfiles are being created and rotated.

    You have to know that only a subset of logs will go into /var/log/messages. I suggest that you read a bit regarding syslog and SRX: https://kb.juniper.net/InfoCenter/index?page=content&id=kb16502

    For further analysis, can you please go into the system shell and do an 'ls -al /var/log' to see when the files were last changed?
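
The three causes raised in the replies (stream mode, no local syslog file catching the messages, policies without a log statement) can be checked mechanically. The following is an added example, not part of the thread or any Juniper tooling: the syslog text is the configuration posted in reply 3, while the policy names and their `then` clauses are constructed, since the thread does not show the policies.

```python
import re

# Configuration as posted in reply 3 of the thread.
SECURITY_LOG = "mode event;"
SYSLOG = """
archive size 100k files 3;
user * { any emergency; }
file interactive-commands { interactive-commands any; }
file LogsWeb { any any; archive size 1024000000 files 1; structured-data; }
file Logs { any any; archive size 1024000000 files 1; structured-data; }
"""
# Constructed 'then' clauses; policy names are hypothetical.
POLICIES = {
    "trust-to-untrust": "permit; log { session-init; session-close; }",
    "guest-to-untrust": "permit;",
}

def syslog_files(syslog_cfg):
    """Map each 'file NAME { ... }' stanza to its body."""
    return dict(re.findall(r"\bfile\s+(\S+)\s*\{([^{}]*)\}", syslog_cfg))

def audit(security_log, syslog_cfg, policies):
    """Return (findings, catch_all_files) for the causes named in the replies."""
    findings = []
    mode = re.search(r"\bmode\s+(\w+)\s*;", security_log)
    if mode and mode.group(1) == "stream":
        findings.append("security log mode is stream: check the remote "
                        "collector, not local files")
    # Files that accept every facility at every severity.
    catch_all = [name for name, body in syslog_files(syslog_cfg).items()
                 if re.search(r"\bany\s+any\s*;", body)]
    if not catch_all:
        findings.append("no local syslog file accepts 'any any'")
    for name, then in policies.items():
        if not re.search(r"\blog\s*\{[^{}]*session-(init|close)", then):
            findings.append(f"policy {name}: no session-init/session-close log")
    return findings, catch_all

if __name__ == "__main__":
    found, files = audit(SECURITY_LOG, SYSLOG, POLICIES)
    print("catch-all files:", files)
    for line in found:
        print("finding:", line)
```

A clean result here only rules out the configuration causes; whether the files are actually being written is what the 'ls -al /var/log' timestamps show.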