Hi,
It looks like you've set up your regex filter correctly for matching the log messages. However, to ensure that the matched log entries are sent to your syslog server, you'll need to make sure that your system is correctly configured to forward the logs.
Here are a few things to check:
- Syslog Configuration: Verify that your syslog configuration includes the necessary rules to forward logs with the matching entries. Ensure that your syslog server is properly receiving logs from the EX3200. You can check the configuration in the syslog section of your Juniper device's settings.
- Log Forwarding: Double-check the log forwarding settings on your Juniper device. For example, if you're using syslog host commands in your configuration, ensure the log severity level is set correctly to match the severity of the log messages you're trying to send (in this case, error or informational logs related to port security).
- Testing with Simulated Events: You can simulate the error condition or trigger the port security violation to see if your syslog configuration correctly captures and forwards the logs. This will help ensure that the regex pattern is effectively matching the log entries and forwarding them as expected.
- Check Log Filters: Sometimes, additional filters can block certain log types from being forwarded. Ensure there are no additional filters that might be inadvertently suppressing these messages from being sent to the syslog server.
If you're planning to implement alert notifications via SMS for these types of events, you might consider setting up an SMS service to integrate with your system for more immediate and automated alerts.
Hope this helps, and let me know if you need further assistance!
Best regards,
Ariyan Khan
------------------------------
Original Message:
Sent: 03-08-2011 11:37
From: Erdem
Subject: Turn log messages into Syslog messages?
I have port security enabled on my EX3200. When the MAC limit is reached, messages are logged to the messages log as such:
eswd[893]: ESWD_MAC_LIMIT_BLOCK: MAC limit (1) exceeded at ge-0/0/37.0: shutting down the interface
I have set up the following:
host xxx.xxx.xxx.xxx {
    security error;
    user error;
    match ".*(ESWD_BPDU_BLOCK_ERROR_DISABLED|ESWD_MAC_LIMIT_BLOCK).*";
}
I have tested my Regex in a regex editor and it finds the lines without issue. How do I get these to actually send a message to my syslog server??
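
Added example (not part of either post, and not Juniper code): a small Python model of the two gates the reply's checklist points at, where a host block's facility/severity selectors admit a message first and the match regex then refines that set. The facility and severity given to the sample event are assumptions to be replaced with what the device actually reports, and `selected` and `decide` are hypothetical helper names.

```python
import re

# Severity names ordered from most to least severe (syslog levels 0-7).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
# Pattern and selectors copied from the host block in the original post.
MATCH = r".*(ESWD_BPDU_BLOCK_ERROR_DISABLED|ESWD_MAC_LIMIT_BLOCK).*"
POSTED = {"security": "error", "user": "error"}
# Hypothetical broader selector, used only for comparison.
BROAD = {"any": "error"}
# Log text from the post. Its facility and severity are NOT on the page:
# the values passed below ("daemon", "error") are assumptions.
LINE = ("eswd[893]: ESWD_MAC_LIMIT_BLOCK: MAC limit (1) exceeded at "
        "ge-0/0/37.0: shutting down the interface")


def selected(selectors, facility, severity):
    """True if any facility/severity selector admits the message.

    A selector admits its configured severity and anything more severe;
    facility "any" covers every facility, severity "none" admits nothing.
    """
    level = SEVERITIES.index(severity)
    for fac, sev in selectors.items():
        if fac not in ("any", facility) or sev == "none":
            continue
        if sev == "any" or level <= SEVERITIES.index(sev):
            return True
    return False


def decide(selectors, pattern, facility, severity, text):
    """Return why a message is or is not sent to the remote host."""
    if not selected(selectors, facility, severity):
        return "dropped: selector (%s/%s not admitted)" % (facility, severity)
    if re.search(pattern, text) is None:
        return "dropped: match regex"
    return "forwarded"


if __name__ == "__main__":
    for name, sel, sev in (("posted", POSTED, "error"),
                           ("broad", BROAD, "error"),
                           ("broad", BROAD, "notice")):
        print(name, sev, "->", decide(sel, MATCH, "daemon", sev, LINE))
```

A regex that matches in an editor only proves the second gate; the first gate depends on the facility and severity the device assigns to the event.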