Junos OS

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

EX2300- syslog suggested configuration

Jump to Best Answer
  • 1.  EX2300- syslog suggested configuration

    Posted 06-30-2021 08:21
    bonjour groupe, 

    Is there any syslog recommended configuration ? 

    I am asking because the one I am using seems to me ridiculously long and I suspect it clog the log messages files with useless informations. 
    I believe this configuration was suggested by Jtac for diagnostic for a particular case.  
    any opinion/suggestion ? 

        syslog {
            user * {
                any emergency;
            }
            file messages {
                any any;
                authorization any;
            }
            file interactive-commands {
                interactive-commands any;
            }
            file default-log-messages {
                any any;
                match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
                structured-data;
            }​
    here it is. 

    thanks for your help, 
    Michel


    ------------------------------
    Michel Lapointe
    ------------------------------


  • 2.  RE: EX2300- syslog suggested configuration
    Best Answer

     
    Posted 08-10-2021 09:14
    Hi Michael,

    To ensure the log messages are less flooding than "any any", you can revert the settings to something like "any warning" or "any notice" and restrict the file size and count per log file.  Here is an example config:

     syslog {
            archive size 100k files 3;
            user * {
                any emergency;
            }
            host a.b.c.d {
                any notice;
            }
            file messages {
                any warning;
                authorization none;
                firewall none;
                interactive-commands none;
                match "!(.*Input IFL not found.*)";
                explicit-priority;
            }
            file interactive-commands {
                interactive-commands any;
                explicit-priority;
            }
            file syslog {
                any warning;
                interactive-commands any;
                explicit-priority;
            }
            file firewall {
                firewall any;
                explicit-priority;
            }
            file login-attempts {
                authorization any;
                explicit-priority;
            }
        }


    after reducing "any any" logging to "any warning", that should reduce your logging already.  To reduce further, you can check "show log messages" and filter out any frequent log messages you can ignore safely.  In case you need to filter out, here are the two articles explaining how to do this:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB9382&actp=METADATA
    https://kb.juniper.net/InfoCenter/index?page=content&id=KB9382&actp=METADATA

    Hope this helps.
    Regards,
    -r.
    --------------------------------------------------
    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).