Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
System Log Messages Overview
JUNOS software generates system log messages (also called syslog messages) to record events that occur on the device, including the following:
- Routine operations, such as creation of an Open Shortest Path First (OSPF) protocol adjacency or a user login into the configuration database
- Failure and error conditions, such as failure to access a configuration file or unexpected closure of a connection to a child or peer process
- Emergency or critical conditions, such as device power-off due to excessive temperature
The JUNOS system logging utility is similar to the UNIX syslogd utility. Each system log message identifies the software process that generated the message and briefly describes the operation or error that occurred.
Reboot requests are recorded to the system log files, which you can view with the show log command. Also, you can view the names of any processes running on your system with the show system processes command.
System Log Message Destinations
You can send system logging information to one or more destinations. The destinations can be one or more files, one or more remote hosts, the terminals of one or more users if they are logged in, and the system console.
- To direct messages to a named file in a local file system, see Sending System Log Messages to a File.
- To direct messages to the terminal session of one or more specific users (or all users) when they are logged into the device, see Sending System Log Messages to a User Terminal.
- To direct messages to the device console, see the Junos System Log Messages Reference.
- To direct messages to a remote machine that is running the UNIX syslogd utility, see the Junos System Log Messages Reference.
System Log Facilities and Severity Levels
When specifying the destination for system log messages, you can specify the class (facility) of messages to log and the minimum severity level (level) of the message for each location.
Each system log message belongs to a facility, which is a group of messages that are either generated by the same software process or concern a similar condition or activity.
Table 195 lists the system logging facilities, and Table 196 lists the system logging severity levels. For more information about system log messages, see the Junos System Log Messages Reference.
Table 195: System Logging Facilities
Facility | Description |
|---|---|
any | Any facility |
authorization | Any authorization attempt |
change-log | Any change to the configuration |
cron | Cron scheduling process |
daemon | Various system processes |
interactive-commands | Commands executed in the CLI |
kernel | Messages generated by the JUNOS kernel |
user | Messages from random user processes |
Table 196: System Logging Severity Levels
Severity Level (from Highest to Lowest Severity) | Description |
|---|---|
emergency | System panic or other conditions that cause the routing platform to stop functioning. |
alert | Conditions that must be corrected immediately, such as a corrupted system database. |
critical | Critical conditions, such as hard drive errors. |
error | Standard error conditions that generally have less serious consequences than errors in the emergency, alert, and critical levels. |
warning | Conditions that warrant monitoring. |
notice | Conditions that are not error conditions but are of interest or might warrant special handling. |
info | Informational messages. This is the default. |
debug | Software debugging messages. |
Control and Data Plane Logs
JUNOS software generates separate log messages to record events that occur on the system’s control and data planes.
- The control plane logs include events that occur on the routing platform. The system sends control plane events to the eventd process on the Routing Engine, which then handles the events by using JUNOS policies and/or by generating system log messages. You can choose to send control plane logs to a file, user terminal, routing platform console, or remote machine. To generate control plane logs, use the syslog statement at the [system] hierarchy level
- The data plane logs primarily include security events
that the system has handled directly inside the data plane. How the
system handles data plane events depends on the device:
- For J-series devices, the system sends data plane events to the eventd process on the Routing Engine to be processed, formatted, and written to system log files in a similar manner to control plane events.
- For SRX-series services gateways, the system streams already-processed data plane events directly to external log servers, bypassing the Routing Engine. If an event requires processing, the system sends the event to the eventd process on the Routing Engine.
To view data plane logs, use the log statement at the [security] hierarchy level.
Regular Expressions
On the J-Web View Events page, you can use regular expressions to filter and display a set of messages for viewing. JUNOS supports POSIX Standard 1003.2 for extended (modern) UNIX regular expressions.
Table 197 specifies some of the commonly used regular expression operators and the terms matched by them. A term can match either a single alphanumeric character or a set of characters enclosed in square brackets, parentheses, or braces. For information about how to use regular expression to filter sytem log messages, see Filtering System Log Messages.
 | Note: On the J-Web View Events page, the regular expression matching is case-sensitive. |
Table 197: Common Regular Expression Operators and the Terms They Match
Regular Expression Operator | Matching Terms |
|---|---|
. (period) | One instance of any character except the space. For example, .in matches messages with win or windows. |
* (asterisk) | Zero or more instances of the immediately preceding term. For example, tre* matches messages with tree, tread or trough. |
+ (plus sign) | One or more instances of the immediately preceding term. For example, tre+ matches messages with tree or tread but not trough. |
? (question mark) | Zero or one instance of the immediately preceding term. For example, colou?r matches messages with or color or colour. |
| (pipe) | One of the terms that appear on either side of the pipe operator. For example, gre|ay matches messages with either grey or gray. |
! (exclamation point) | Any string except the one specified by the expression, when the exclamation point appears at the start of the expression. Use of the exclamation point is specific to JUNOS. |
^ (caret) | The start of a line, when the caret appears outside square brackets. For example, ^T matches messages with This line and not with On this line. |
$ (dollar sign) | Strings at the end of a line. For example, :$ matches messages with the following: and not with 2:00. |
[] (paired square brackets) | One instance of one of the enclosed alphanumeric characters. To indicate a range of characters, use a hyphen (-) to separate the beginning and ending characters of the range. For example, [0-9] matches messages with any number. |
() (paired parentheses) | One instance of the evaluated value of the enclosed term. Parentheses are used to indicate the order of evaluation in the regular expression. For example, dev(/|ice) matches messages with dev/ or device. |
