Configuring System Logging for a Single-Chassis System

[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring System Logging for a Single-Chassis System
The JUNOS system logging utility is similar to the UNIX syslogd utility. This section describes how to configure system logging for a single-chassis system that runs the JUNOS software.

The system logging configuration statements for the JUNOS-FIPS software and for Juniper Networks routing platforms in a Common Criteria environment are the same as for the JUNOS software. For more information, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS.

For information about configuring system logging for a routing matrix, see Configuring System Logging for a Routing Matrix.

When you configure system logging, you can direct messages to one or more destinations by including the appropriate statement at the [edit system syslog] hierarchy level:

To a named file in a local file system, by including the file statement. See Directing Messages to a Log File.

To the terminal session of one or more specific users (or all users) when they are logged in to the routing platform, by including the user statement. See Directing Messages to a User Terminal.

To the routing platform console, by including the console statement. See Directing Messages to the Console.

To a remote machine that is running the syslogd utility or to the other Routing Engine on the routing platform, by including the host statement. See Directing Messages to a Remote Machine or the Other Routing Engine.

Each system log message belongs to a facility, which is a group of messages that are either generated by the same software process or concern a similar condition or activity (such as authentication attempts). To log the messages belonging to one or more facilities to a particular destination, specify each facility name as a separate statement within the set of statements for the destination.

Table 7 lists the JUNOS system logging facilities that you can specify in configuration statements at the [edit system syslog] hierarchy level.

Table 7: JUNOS System Logging Facilities

Facility

Type of Event or Error

any

All (messages from all facilities)

authorization

Authentication and authorization attempts

change-log

Changes to the JUNOS configuration

conflict-log

Configuration that is inconsistent with routing platform hardware

daemon

Actions performed or errors encountered by various system processes

dfc

Events related to dynamic flow capture

firewall

Packet filtering actions performed by a firewall filter

ftp

Actions performed or errors encountered by the FTP process

interactive-commands

Commands issued at the JUNOS command-line interface (CLI) prompt or by a JUNOScript or NETCONF client application

kernel

Actions performed or errors encountered by the JUNOS kernel

pfe

Actions performed or errors encountered by the Packet Forwarding Engine

user

Actions performed or errors encountered by various user-space processes

Each message is also preassigned a severity level, which indicates how seriously the triggering event affects routing platform functions. When you configure logging for a facility and destination, you specify a severity level for each facility; messages from the facility that are rated at that level or higher are logged to the destination.

Unlike the other severity levels, the none level disables logging of a facility instead of indicating how seriously a triggering event affects routing functions. For more information, see Disabling Logging of a Facility.

Table 8 lists the severity levels that you can specify in configuration statements at the [edit system syslog] hierarchy level. The levels from emergency through info are in order from highest severity (greatest effect on functioning) to lowest.

Table 8: System Log Message Severity Levels

Severity Level

Description

any

Includes all severity levels

none

Disables logging of the associated facility to a destination

emergency

System panic or other condition that causes the routing platform to stop functioning

alert

Conditions that require immediate correction, such as a corrupted system database

critical

Critical conditions, such as hard drive errors

error

Error conditions that generally have less serious consequences than errors in the emergency, alert, and critical levels

warning

Conditions that warrant monitoring

notice

Conditions that are not errors but might warrant special handling

info

Events or nonerror conditions of interest

A message's facility and severity level are together referred to as its priority. By default, priority information is not included in system log messages. To include priority information in messages directed to a file or a remote destination, include the explicit-priority statement. For more information, see Including Priority in System Log Messages.

You can modify the timestamp on system log messages to include the year, the millisecond, or both. For more information, see Including the Year or Millisecond in Timestamps.

When directing messages to a remote machine, you can specify the source address to use, and you can configure features that make it easier to separate JUNOS-specific messages or messages generated on particular routing platforms. For more information, see Directing Messages to a Remote Machine or the Other Routing Engine.

The predefined facilities group together related messages, but you can also use regular expression matching to specify more exactly which messages from a facility are logged to a file, a user terminal, or a remote destination. For more information, see Using Regular Expressions to Refine the Set of Logged Messages.

For a statement summary for the syslog statement, see the JUNOS System Basics Configuration Guide.

For more information about configuring system logging, see the following sections:

Directing Messages to a Log File

Directing Messages to a User Terminal

Directing Messages to the Console

Directing Messages to a Remote Machine or the Other Routing Engine

Configuring Log File Archiving

Including Priority in System Log Messages

Including the Year or Millisecond in Timestamps

Using Regular Expressions to Refine the Set of Logged Messages

Disabling Logging of a Facility

Examples: Configuring System Logging

Facility	Type of Event or Error
`any`	All (messages from all facilities)
`authorization`	Authentication and authorization attempts
`change-log`	Changes to the JUNOS configuration
`conflict-log`	Configuration that is inconsistent with routing platform hardware
`daemon`	Actions performed or errors encountered by various system processes
`dfc`	Events related to dynamic flow capture
`firewall`	Packet filtering actions performed by a firewall filter
`ftp`	Actions performed or errors encountered by the FTP process
`interactive-commands`	Commands issued at the JUNOS command-line interface (CLI) prompt or by a JUNOScript or NETCONF client application
`kernel`	Actions performed or errors encountered by the JUNOS kernel
`pfe`	Actions performed or errors encountered by the Packet Forwarding Engine
`user`	Actions performed or errors encountered by various user-space processes

Severity Level	Description
`any`	Includes all severity levels
`none`	Disables logging of the associated facility to a destination
`emergency`	System panic or other condition that causes the routing platform to stop functioning
`alert`	Conditions that require immediate correction, such as a corrupted system database
`critical`	Critical conditions, such as hard drive errors
`error`	Error conditions that generally have less serious consequences than errors in the emergency, alert, and critical levels
`warning`	Conditions that warrant monitoring
`notice`	Conditions that are not errors but might warrant special handling
`info`	Events or nonerror conditions of interest

[Contents] [Prev] [Next] [Index] [Report an Error]