Modifying the Syslog Configuration for Security Devices
You can use the Syslog section on the Modify Configuration
page to view and modify the parameters related to system logging on
the device.
Procedure
To modify the system log parameters:
- Select Devices > Security Devices.
The Security Devices page appears.
- Select the devices whose configuration you want to modify.
- From the More or right-click menu, select Configuration > Modify Configuration.
The Modify Configuration page appears.
- Click the Syslog link in the left-navigation
menu.
The Syslog section on the Modify Configuration page is displayed.
- Modify the configuration according to the guidelines provided
in Table 100.
- After modifying the configuration, you can cancel the
changes, save the changes, preview the changes, or save the changes
and deploy the configuration on the device. See Modifying the Configuration of Security Devices.
Table 100: Syslog Settings
Setting | Guideline |
---|
General Settings |
Time Format | Specify whether the time format should be included in
system log messages generated for the device. By default, the timestamp
specifies the month, day, hour, minute, and second at which the message
was logged. If you select Enable, you can specify whether the
milliseconds are included in the timestamp, the year is included in
the timestamp, or both the milliseconds and the year are included
in the timestamp. |
Source Address | Specify the IPv4 or IPv6 address to be used as the source
address that is included in system log messages. |
Log Rotation Frequency | Configure the time interval (in minutes) at which Junos
Space checks for the system log file size. When the log file size
exceeds the previously specified size limit, the log file is archived
and a new log file is created. The range is 1 through 59 and the default
is 15 minutes. |
Allow Duplicates | Select this check box if you do not want to suppress
syslog messages that were logged earlier. This check box is cleared
by default. |
Host Configuration |
| The existing host configuration entries are displayed in a table. You can do the following:
- Create a host configuration: Click the + icon to create a host configuration. The Create Host Configuration page appears. Complete the configuration according to the guidelines provided in Table 101. Click OK. The host is created and you are returned to the Modify Configuration page.
- Modify a host configuration: Select a host configuration and click the pencil icon to modify the settings. The Edit Host Configuration page appears, showing the same fields that are presented when you create a host configuration. You can modify some of the fields on this page. Refer to Table 101 for an explanation of the fields. After you have modified the host configuration, click OK. The changes are saved and you are returned to the Modify Configuration page.
- Delete host configurations: Select one or more host configurations and click the X icon to delete the host configurations. The Warning page appears. Click Yes to confirm the deletion. The selected host configurations are deleted.
|
File Configuration |
| The existing file configuration entries are displayed in a table. You can do the following:
- Create a file configuration: Click the + icon to create a file configuration. The Create File Configuration page appears. Complete the configuration according to the guidelines provided in Table 102. Click OK. The file is created and you are returned to the Modify Configuration page.
- Modify a file configuration: Select a file configuration and click the pencil icon to modify the settings. The Edit File Configuration page appears, showing the same fields that are presented when you create a file configuration. You can modify some of the fields on this page. Refer to Table 102 for an explanation of the fields. After you have modified the file configuration, click OK. The changes are saved and you are returned to the Modify Configuration page.
- Delete file configurations: Select one or more file configurations and click the X icon to delete the file configurations. The Warning page appears. Click Yes to confirm the deletion. The selected file configurations are deleted.
|
User Configuration |
| The existing user configuration entries are displayed in a table. You can do the following:
- Create a user configuration: Click the + icon to create a user configuration. The Create User Configuration page appears. Complete the configuration according to the guidelines provided in Table 103. Click OK. The user configuration is created and you are returned to the Modify Configuration page.
- Modify a user configuration: Select a user configuration and click the pencil icon to modify the settings. The Edit User Configuration page appears, showing the same fields that are presented when you create a user configuration. You can modify some of the fields on this page. Refer to Table 103 for an explanation of the fields. After you have modified the user configuration, click OK. The changes are saved and you are returned to the Modify Configuration page.
- Delete user configurations: Select one or more user configurations and click the X icon to delete the user configurations. The Warning page appears. Click Yes to confirm the deletion. The selected user configurations are deleted.
|
Table 101: Create Host Configuration Settings
Setting | Guideline |
---|
Name | Select the name of the host to be notified when the system
log matches the condition specified. |
Match | Enter a regular expression up to a maximum of 255 characters
that must appear or must not appear in a message for the messages
to be logged to a host. |
Contents |
| The table displays the existing facility and severity configured for system log messages. You can perform the following actions:
- Click the + icon to configure the facility and severity levels of messages to be logged in the remote destination. The Create Contents page appears. Complete the configuration according to the guidelines provided in Table 104 and click OK. The system log message's facility and severity levels are created and you are returned to the Create Host Configuration page.
- Select an entry and click the pencil icon to modify the facility and severity levels of messages to be logged in the remote destination. The Edit Contents page appears showing the same fields that are presented when you configure the facility and severity levels of messages to be logged in the remote destination. Refer to Table 104 for an explanation of the fields. After you have modified the system log message's facility and severity levels that are associated with the host, click OK. The changes are saved and you are returned to the Create Host Configuration page.
- Select one or more configured facility and severity levels, and click the X icon to delete the entries. The Warning page appears. Click Yes to confirm the deletion. The selected facility and severity levels are deleted.
|
Advanced Options |
Allow Duplicates | Select this check box if you want to allow repeated messages
in the system log output. By default, this check box is cleared, which
means that repeated messages are not logged in the output. |
Explicit Priority | Select this check box to include the priority, which
is a combination of the facility and severity, in syslog messages. |
Facility Override | Specify an alternative facility that will replace the
default facility used when messages are directed to a remote destination.
For more information, see the https://www.juniper.net/documentation/en_US/junos/topics/reference/general/syslog-facilities-remote-logging.html topic. |
Log Prefix | Specify the prefix to be used for all syslog messages
for the specified host. |
Source Address | Specify the IPv4 or IPv6 address to be used as the source
address that is included in system log messages for the host. |
Port | Specify the port number for the remote syslog folder. The range is 0 through 65,535 and the default is 514. |
Structured Data | Select this check box to log messages to a file in structured-data
format instead of the standard Junos OS format. The structured-data
format complies with IETF RFC 5424. By default, this check box is
selected. Select the Brief check box to suppress the English
language text that appears by default at the end of a message to describe
the error or event. By default this check box is cleared. |
Table 102: Create File Configuration Settings
Setting | Guideline |
---|
Name | Enter the name of the file in which the data should be
logged. The filename must not contain spaces, and it can contain some
special characters ($ ^ < > @ # ! * - = _ .). |
Match | Enter a regular expression up to a maximum of 255 characters
that must appear or must not appear in a message for the messages
to be logged to a file. |
Contents |
| The table displays the existing facility and severity configured for system log messages. You can perform the following actions:
- Click the + icon to configure the facility and severity levels of messages to be logged in the remote destination. The Create Contents page appears. Complete the configuration according to the guidelines provided in Table 104 and click OK. The system log message's facility and severity levels are created and you are returned to the Create File Configuration page.
- Select an entry and click the pencil icon to modify the facility and severity levels of messages to be logged in the remote destination. The Edit Contents page appears showing the same fields that are presented when you configure the facility and severity levels of messages to be logged in the remote destination. Refer to Table 104 for an explanation of the fields. After you have modified the system log message's facility and severity levels that are associated with the file, click OK. The changes are saved and you are returned to the Create File Configuration page.
- Select one or more configured facility and severity levels, and click the X icon to delete the entries. The Warning page appears. Click Yes to confirm the deletion. The selected facility and severity levels are deleted.
|
Advanced Options |
Explicit Priority | Select this check box to include the priority, which
is a combination of the facility and severity, in syslog messages. |
Structured Data | Select this check box to log messages to a file in structured-data
format instead of the standard Junos OS format. The structured-data
format complies with IETF RFC 5424. By default, this check box is
selected. Select the Brief check box to suppress the English
language text that appears by default at the end of a message to describe
the error or event. By default this check box is cleared. |
Table 103: Create User Configuration Settings
Setting | Guideline |
---|
Name | Enter the Junos OS username of the user whose terminal
session is to receive system log messages. The username must not contain
spaces, and it can contain some special characters (_ .). |
Match | Enter a regular expression up to a maximum of 255 characters
that must appear or must not appear in a message for the messages
to be logged to a user terminal. |
Contents |
| The table displays the existing facility and severity configured for system log messages. You can perform the following actions:
- Click the + icon to configure the facility and severity levels of messages to be logged in the remote destination. The Create Contents page appears. Complete the configuration according to the guidelines provided in Table 104 and click OK. The system log message's facility and severity levels are created and you are returned to the Create User Configuration page.
- Select an entry and click the pencil icon to modify the facility and severity levels of messages to be logged in the remote destination. The Edit Contents page appears showing the same fields that are presented when you configure the facility and severity levels of messages to be logged in the remote destination. Refer to Table 104 for an explanation of the fields. After you have modified the system log message's facility and severity levels that are associated with the user, click OK. The changes are saved and you are returned to the Create User Configuration page.
- Select one or more configured facility and severity levels, and click the X icon to delete the entries. The Warning page appears. Click Yes to confirm the deletion. The selected facility and severity levels are deleted.
|
Advanced Options |
Allow Duplicates | Select this check box if you want to allow repeated messages
in the system log output. By default, this check box is cleared, which
means that repeated messages are not logged in the output. |
Table 104: Create Contents Settings
Setting | Guideline |
---|
Facility | Select the facility to which the system log message belongs.
Each system log message belongs to a facility, which categorizes messages
based on the source by which they are generated, such as a software
process, or that relate to a similar condition or activity, such as
authentication attempts. |
Severity | Select the severity level for the system log message.
Each system message is pre-assigned a severity level, which indicates
how seriously the triggering event affects routing platform functions.
When you configure logging for a facility and destination, you specify
a severity level for each facility. |
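The Structured Data and Explicit Priority options in Tables 101 and 102 determine what a log collector receives: an RFC 5424 message whose priority value encodes the facility and severity described in Table 104. The following Python parser is an added example, not part of the original documentation or of Junos Space; it decodes both on the collector side, and the sample message, hostname, SD-ID and parameter names are constructed assumptions.

```python
import re

# Constructed sample (not captured from a device); 32473 is the enterprise
# number reserved for documentation, as used in RFC 5424's own examples.
SAMPLE = r'<37>1 2024-03-07T14:05:09.123Z fw01.example.net sshd 4153 LOGIN_FAIL [exampleSDID@32473 user="admin" src="192.0.2.44" note="bad \"pw\" [try 3\]"] Login failed'

# Conventional short names for RFC 5424 facility codes 0-23 and severity codes 0-7.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, each followed by a space.
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ")
VALUE = r'(?:\\.|[^"\\\]])*'          # '"', '\' and ']' must be backslash-escaped
SD_PARAM = re.compile(r' ([^ =\]"]+)="(' + VALUE + r')"')
SD_ELEMENT = re.compile(r'\[([^ =\]"]+)((?: [^ =\]"]+="' + VALUE + r'")*)\]')
UNESCAPE = re.compile(r'\\(["\\\]])')


def parse_rfc5424(line):
    """Split one RFC 5424 message into header fields, structured data and text."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("no RFC 5424 header (legacy format or missing priority?)")
    pri = int(m.group(1))
    if pri > 191:                       # facility 23 * 8 + severity 7 is the maximum
        raise ValueError(f"PRI {pri} out of range")
    rest, sd = line[m.end():], {}
    if rest.startswith("-"):            # NILVALUE: message carries no structured data
        rest = rest[1:]
    else:
        while (e := SD_ELEMENT.match(rest)):
            sd[e.group(1)] = {k: UNESCAPE.sub(r"\1", v)
                              for k, v in SD_PARAM.findall(e.group(2))}
            rest = rest[e.end():]
        if not sd:
            raise ValueError("malformed STRUCTURED-DATA")
    return {"facility": FACILITIES[pri >> 3],   # PRI = facility * 8 + severity
            "severity": SEVERITIES[pri & 7],
            "timestamp": m.group(3), "hostname": m.group(4),
            "app": m.group(5), "msgid": m.group(7),
            "sd": sd, "msg": rest.lstrip(" ")}


if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
```

A line that raises `ValueError` here is a useful collector-side signal that a device is sending the standard (non-structured) format instead of RFC 5424.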