This will set up a Junos device to send traces off the box as well as keeping a local copy.
I'm just doing a little update from
https://nextheader.net/2016/05/13/sending-junos-traceoptions-to-a-syslog-server/ just to fill in a few details.
Step one: set up your trace however you need it.
traceoptions {
    file jdhcp-logfile size 10m files 4;
    level all;
    flag all;
}
Step two
Set up the local Juniper device NOT to log the tagged entries to messages, since you don't want the newly tagged logs (you will see those in a few seconds) to be double logged in both your trace file and your messages file.
edit system syslog
host 192.168.158.253 {
    any notice;
    authorization info;
}
file messages {
    any notice;
    authorization info;
    match "!.*Remote_Trace.*";
}
The Remote_Trace string can be anything you want, as it is the tag used with syslog in the next command. I suggest that, like all good code, you make it something you can use often and on many devices.
Now log in to the shell as root to read the trace file and pipe it to the logger command. The logger command tags each line sent to it with the tag Remote_Trace and sends it to normal syslog, and thus to the remote hosts you define and to messages, EXCEPT that in the messages stanza above we tell it to drop syslog entries with that tag.
tail -F /var/log/jdhcp-logfile | logger -t Remote_Trace&
EDIT. 1/29/21
As posted by Paris ARAU at the referenced URL above: use -F, not -f.
I have not verified this just yet, but I'm 99% sure that = --follow=name in that case.
That causes tail to track the named file in a way that accommodates renaming, removal and creation, a.k.a. log rotation.
Will repost if the log rotate will copytruncate the file or move the file descriptor and break the tail.
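A quick way to check the rename case described in this edit before relying on it, as an added example that is not from the original post or from Paris ARAU. It uses temporary files as stand-ins for the trace file and for logger's input, assumes rotation by rename, and does not cover copytruncate.

```shell
#!/bin/sh
# Added example (not from the original post). Temp files stand in for the
# trace file and for logger's input; the log lines are constructed.
# Usage: rotation_survivors -F   -> prints 1 if the post-rotation line arrived
#        rotation_survivors -f   -> prints 0 if tail stayed on the old file

rotation_survivors() {
    flag=$1
    dir=$(mktemp -d) || return 1
    log="$dir/trace.log"        # stand-in for /var/log/jdhcp-logfile
    out="$dir/forwarded.txt"    # stand-in for what logger would receive

    echo "before rotation" > "$log"
    tail "$flag" "$log" > "$out" 2>/dev/null &
    tail_pid=$!
    sleep 2                     # let tail open the file first

    # Rename-style rotation (assumed): old file moves aside, new one appears.
    mv "$log" "$log.0"
    echo "after rotation" > "$log"
    sleep 3                     # give tail time to notice and reopen by name

    kill "$tail_pid" 2>/dev/null || true
    wait "$tail_pid" 2>/dev/null || true
    count=$(grep -c "after rotation" "$out" || true)
    rm -rf "$dir"
    echo "$count"
}
```

A result of 0 means lines written after rotation would never reach logger, so the remote copy would silently stop while the local trace keeps growing.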
Now on the remote syslog server it would be good practice to filter everything with that tag into its own file.
So in my remote Linux rsyslog config I have:
if $syslogtag contains 'Remote_Trace' then /var/log/Juniper/Remote_Trace.log
& stop
Now I have on-device and off-device trace logs. DAMN you Junos for being so Flexible!