Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  EX2300- syslog suggested configuration

    Posted 06-30-2021 08:21
    Hello group,

    Is there any recommended syslog configuration?

    I am asking because the one I am using seems ridiculously long to me, and I suspect it clogs the log message files with useless information.
    I believe this configuration was suggested by JTAC for diagnostics in a particular case.
    Any opinions/suggestions?

        syslog {
            user * {
                any emergency;
            }
            file messages {
                any any;
                authorization any;
            }
            file interactive-commands {
                interactive-commands any;
            }
            file default-log-messages {
                any any;
                match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
                structured-data;
            }
        }
    Here it is.

    Thanks for your help,
    Michel


    ------------------------------
    Michel Lapointe
    ------------------------------


  • 2.  RE: EX2300- syslog suggested configuration
    Best Answer

     
    Posted 08-10-2021 09:14
    Hi Michael,

    To ensure the log messages are less flooding than "any any", you can revert the settings to something like "any warning" or "any notice" and restrict the file size and count per log file.  Here is an example config:

        syslog {
            archive size 100k files 3;
            user * {
                any emergency;
            }
            host a.b.c.d {
                any notice;
            }
            file messages {
                any warning;
                authorization none;
                firewall none;
                interactive-commands none;
                match "!(.*Input IFL not found.*)";
                explicit-priority;
            }
            file interactive-commands {
                interactive-commands any;
                explicit-priority;
            }
            file syslog {
                any warning;
                interactive-commands any;
                explicit-priority;
            }
            file firewall {
                firewall any;
                explicit-priority;
            }
            file login-attempts {
                authorization any;
                explicit-priority;
            }
        }


    After reducing "any any" logging to "any warning", that should reduce your logging already.  To reduce further, you can check "show log messages" and filter out any frequent log messages you can ignore safely.  In case you need to filter out, here are the two articles explaining how to do this:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB9382&actp=METADATA
    https://kb.juniper.net/InfoCenter/index?page=content&id=KB9382&actp=METADATA

    Hope this helps.
    Regards,
    -r.
    --------------------------------------------------
    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).
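
    To check that trimming `messages` does not leave security-relevant events unlogged, the file stanzas from the reply above can be modelled and run against sample events. This is an added example, not part of the original posts or Juniper code; it assumes a simplified selector model (a facility-specific statement overrides `any`, a severity admits that level and anything more severe, a leading `!` negates `match`), and the sample events are constructed.

```python
import re

# Syslog severities, most severe first (lower index = more severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}
RANK["any"] = len(SEVERITIES)  # "any" admits every severity

# File stanzas from the reply's example config: facility -> minimum severity.
FILES = {
    "messages": {"selectors": {"any": "warning", "authorization": "none",
                               "firewall": "none", "interactive-commands": "none"},
                 "match": "!(.*Input IFL not found.*)"},
    "interactive-commands": {"selectors": {"interactive-commands": "any"}},
    "syslog": {"selectors": {"any": "warning", "interactive-commands": "any"}},
    "firewall": {"selectors": {"firewall": "any"}},
    "login-attempts": {"selectors": {"authorization": "any"}},
}

def accepts(stanza, facility, severity, text):
    """Return True if a file stanza would store this message (simplified model)."""
    sel = stanza["selectors"]
    # Assumption: a facility-specific statement overrides the "any" statement.
    level = sel.get(facility, sel.get("any", "none"))
    if level == "none" or RANK[severity] > RANK[level]:
        return False
    pattern = stanza.get("match", "")      # no match statement: accept all text
    negate = pattern.startswith("!")       # leading "!" negates the match
    hit = re.search(pattern.lstrip("!"), text) is not None
    return hit != negate

def route(facility, severity, text):
    """List the local log files that would receive the message."""
    return [name for name, st in FILES.items() if accepts(st, facility, severity, text)]

# Constructed sample events (facility, severity, text); not real device output.
SAMPLES = [
    ("daemon", "info", "periodic status poll complete"),
    ("daemon", "error", "fan tray failure"),
    ("kernel", "warning", "Input IFL not found for packet"),
    ("authorization", "info", "login failed for user test"),
    ("interactive-commands", "info", "user admin ran 'show log messages'"),
    ("firewall", "info", "filter term hit"),
]

if __name__ == "__main__":
    for fac, sev, text in SAMPLES:
        print(f"{fac}.{sev:<8} -> {route(fac, sev, text) or 'no local file'}")
```

    In this model, authorization, firewall and interactive-commands events are absent from `messages` but still land in their dedicated files, while sub-warning daemon messages reach no local file.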