Assign an Alternate Facility

By default, messages directed to a remote machine are handled in the same way as messages belonging to that facility that are generated on the remote machine. For example, suppose you configure the following statements on local-router to write messages from the authorization facility to a remote machine called monitor:

[edit system syslog]

host monitor {

    authorization info;

}

If the logging utility on monitor is configured to write messages belonging to the authorization facility to the file /var/log/auth-attempts, the file will contain both the messages generated when users log on to local-router and the messages generated when users log on to monitor. Although the name of the source machine appears in each system log message, the mixing of messages from multiple machines can still make it more difficult to analyze the contents of the auth-attempts file.

To assign all messages sent to a remote machine to a different facility on that machine, include the facility-override statement along with the facility statements at the [edit system syslog host hostname ] hierarchy level:

[edit system syslog host hostname]

facility level ;

facility-override facility ;

On the remote machine, you must also configure the logging utility to handle the messages assigned to the alternate facility in the desired manner.

Table 4 lists the system logging facilities that you can specify in the facility-override statement.

Table 4: Facilities for the facility-override Statement 

Facility	Description
authorization	Authentication and authorization attempts
cron	Actions performed or errors encountered by the cron daemon
daemon	Actions performed or errors encountered by various system daemons
kernel	Actions performed or errors encountered by the JUNOS kernel
local0	Local facility number 0
local1	Local facility number 1
local2	Local facility number 2
local3	Local facility number 3
local4	Local facility number 4
local5	Local facility number 5
local6	Local facility number 6
local7	Local facility number 7
user	Actions performed or errors encountered by various user-space processes

Examples: Assign an Alternate Facility

Log all messages generated on the local router at the error level or higher to the local0 facility on the remote machine called monitor:

[edit system syslog]

host monitor {

    any error ;

    facility-override local0 ;

}

In the following example, a single remote machine called central-logger handles log messages about configuration changes for two routers located in California and two routers located in New York. The messages from California are aggregated into one facility (local1) and the messages from New York into another facility (local2).

• Configure California routers to aggregate messages in the local1 facility:

[edit system syslog]

host central-logger {

    change-log info ;

    facility-override local1 ;

}

• Configure New York routers to aggregate messages in the local2 facility:

[edit system syslog]

host central-logger {

    change-log info ;

    facility-override local2 ;

}

On central-logger, you could then configure the system logging utility to write messages from the local1 facility to /var/log/california-config and the messages from the local2 facility to /var/log/new-york-config.