Hello, I need help with syslog in Junos.
I need to separate some kinds of messages, which by default are logged in the file "messages", into another file. I could do it using regular expressions:
set system syslog file snmp-auth any any
set system syslog file snmp-auth match .*SNMPD_AUTH_FAILURE*
So I get:
admin@router1# run show log snmp-auth
Oct 6 18:41:22 rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)
Oct 6 18:44:45 rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)
It's OK, it works. But I'm still seeing these messages in the "messages" file:
admin@router1# run show log messages | match SNMPD_AUTH_FAILUR
Oct 6 18:41:22 rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)
Oct 6 18:44:45 rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)
So, it does not work how I expected, because I don't want to see it repeated in "messages". In fact, what interests me most is that the file messages doesn't show some kinds of lines with info that I already know.
The rest of the config in syslog:
set system syslog archive size 1M
set system syslog archive files 5
set system syslog user * any emergency
set system syslog host xxx.xxx.xxx.xxx any info
set system syslog host xxx.xxx.xxx.xxx facility-override local7
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file snmp-auth any any
set system syslog file snmp-auth match .*SNMPD_AUTH_FAILURE*
I'm working with an MX10, JUNOS Base OS Software Suite [12.3R4.6].
Thanks!
Marcelo.