System Logging Overview
The Junos OS generates system log messages (also called syslog messages) to record system events that occur on the device. Events consist of routine operations, failure and error conditions, and critical conditions that might require urgent resolution. This system logging utility is similar to the UNIX syslogd utility.
Each Junos OS system log message belongs to a message category, called a facility, that reflects the hardware- or software-based source of the triggering event. A group of messages belonging to the same facility are either generated by the same software process or concern a similar hardware condition or user activity (such as authentication attempts). Each system log message is also preassigned a severity, which indicates how seriously the triggering event affects router (or switch) functions. Together, the facility and severity of an event are known as the message priority. The content of a syslog message identifies the Junos OS process that generates the message and briefly describes the operation or error that occurred.
By default, syslog messages that have a severity of info or more serious are written to the main system log file messages in the /var/log directory of the local Routing Engine. To configure global settings and facility-specific settings that override these default values, you can include statements at the [edit system syslog] hierarchy level.
For all syslog facilities or for a specified facility, you can configure the syslog message utility to redirect messages of a specified severity to a specified file instead of to the main system log file. You can also configure the syslog message utility to write syslog messages of a specified severity, for all syslog facilities or for a specified facility, to additional destinations. In addition to writing syslog messages to a log file, you can write syslog messages to the terminal sessions of any logged-in users, to the router (or switch) console, or to a remote host or the other Routing Engine.
At the global level—for all system logging messages, regardless of facility, severity, or destination—you can override the default values for file-archiving properties and the default timestamp format.