Junos OS

Send any trace logs to remote syslog server.

  • 1.  Send any trace logs to remote syslog server.

    Posted 01-27-2021 09:29
    This will setup a Junos device  to send traces off the box as well as keeping  a local copy .  
    I'm just doing a little updated from   https://nextheader.net/2016/05/13/sending-junos-traceoptions-to-a-syslog-server/
    just to fill in a few details.. 

    Step one setup your  trace
    traceoptions {
    file jdhcp-logfile size 10m files 4;
    level all;
    flag all;

    Step two
    Now we setup local juniper device  to NOT log since you don't want the newly tagged logs (you will see that in a few seconds)to be double logged in your trace file and your messages.
    edit system syslog
    host {
    any notice;
    authorization info;

    file messages {
    any notice;
    authorization info;
    match "!.*Remote_Trace.*";

    The Remote_Trace can be anything you want it to be as this is a TAG used with syslog on the next command.  I suggest like all good code you make it something you can use often and on many.

    Now login to the shell as root  to read the trace and pipe the trace log fail to logger command. The logger command will tag each line entry sent to it  with the tag  Remote_Trace and send it to normal syslog thus  to the remote hosts you define and to messages.. EXCEPT in messages syntax we tell it to drop syslogs with that tag above.

    tail -F /var/log/jdhcp-logfile | logger -t Remote_Trace& 
    EDIT. 1/29/21
    As posted by Paris ARAU in the referenced url above. Use the  -F not -f 
    I have not verified just yet but im 99% sure that =    --follow=name in that case.
    That causes tail to track the named file  in a way that accommodates  renaming, removal and creation. aka log rotation.
    Will repost if the log rotate will copytruncate the file or move the file descriptor and break the tail.

    Now on the remote syslog it would be good practice to filter all things with that tag to its own file .
    So on my remote Linux rsyslog config I have
    if $syslogtag contains 'Remote_Trace' then /var/log/Juniper/Remote_Trace.log
    & stop

    Now I have on device and off device trace logs..      DAMN you Junos for being so Flexible !