Changing the Alternative Facility Name for Remote Messages
Some facilities assigned to messages logged on the local routing platform have JUNOS-specific names (see Table 7). Because a remote machine designated at the
[edit system syslog hosthostname]hierarchy level is not a Juniper Networks routing platform, itssyslogdutility cannot interpret the JUNOS-specific names. To enable the standardsyslogdutility to handle messages from these facilities, when messages are directed to a remote machine a standardlocalXfacility name is used instead of the JUNOS-specific facility name.Table 9 lists the default alternative facility name used for each JUNOS-specific facility name. For facilities that are not listed, the default alternative name is the same as the local facility name.
The
syslogdutility on a remote machine handles all messages that belong to a facility in the same way, regardless of the source of the message (the Juniper Networks routing platform or the remote machine itself). As an example, the following statements in the configuration of the routing platformlocal-routerdirect messages from theauthorizationfacility to the remote machinemonitor.mycompany.com:[edit system syslog]host monitor.mycompany.com {authorization info;}The default alternative facility for the local
authorizationfacility is alsoauthorization. Thesyslogdutility onmonitoris configured to write messages belonging to theauthorizationfacility to the file/var/log/auth-attempts, which means that the file contains both the messages generated when users log in tolocal-routerand the messages generated when users log in tomonitor. Although the name of the source machine appears in each system log message, the mixing of messages from multiple machines can make it more difficult to analyze the contents of theauth-attemptsfile.To change the facility used for all messages directed to a remote machine, include the
facility-overridestatement at the[edit system syslog hosthostname]hierarchy level:[edit system syslog hosthostname]facility severity;facility-overridefacility;In general, it makes sense to specify an alternative facility that is not already in use on the remote machine, such as one of the
localXfacilities. On the remote machine, you must also configure thesyslogdutility to handle the messages in the desired manner.Table 10 lists the facilities that you can specify in the
facility-overridestatement.
Actions performed or errors encountered by various system processes
Actions performed or errors encountered by various user-space processes
We do not recommend including the
facility-overridestatement at the[edit system syslog host other-routing-engine]hierarchy level. It is not necessary to use alternative facility names when directing messages to the other Routing Engine, because its JUNOS system logging utility can interpret the JUNOS-specific names.Examples: Assigning an Alternative Facility
Log all messages generated on the local routing platform at the
errorlevel or higher to thelocal0facility on the remote machine calledmonitor.mycompany.com:[edit system syslog]host monitor.mycompany.com {any error;facility-override local0;}Configure routing platforms located in California and routing platforms located in New York to send messages to a single remote machine called
central-logger.mycompany.com. The messages from California are aggregated into one facility (local0) and the messages from New York into another facility (local2).[edit system syslog]host central-logger.mycompany.com {change-log info;facility-override local0;}Configure New York routing platforms to aggregate messages in the local2facility:[edit system syslog]host central-logger.mycompany.com {change-log info;facility-override local2;}On
central-logger, you can then configure the system logging utility to write messages from thelocal0facility to/var/log/california-configand the messages from thelocal2facility to/var/log/new-york-config.