Example: Defining Destinations for File Archiving by Event Policies
This example configures an archive site for event policies. Event policy actions that reference the configured destination upload specified files to that site.
This example uses a device running Junos OS. No additional configuration beyond device initialization is required before configuring this example.
When an event policy action generates output files, you can archive the files for later analysis. Similarly, you might want to archive system files, including system log files, core files, and configuration files, from the time an event occurs.
When an event occurs, you can upload relevant files to a specified location for analysis. To archive files from an event policy, configure one or more destinations specifying the archive sites to which the files are uploaded. You then reference the configured destinations within event policies.
To define a destination archive site, include the destinations statement at the [edit event-options] hierarchy level.
The destination-name is a user-defined identifier, which is referenced by event policies. You can define multiple destinations with different archive sites.
For each destination, configure one or more archive site URIs, which are the actual sites to which the files are uploaded. If you specify multiple archive site URIs for a given destination, the device attempts to transfer the files to the first archive site in the list and only uses subsequent sites in the list if the transfer to the first site fails. Optionally, you can specify a plain-text password for login into an archive site.
Specify the archive site URI as a file URI, an active
or passive FTP URI, or a Secure Copy (SCP) URI. Local device directories
are also supported (for example,
/var/tmp). When you specify the archive site URI, do not add a forward slash
(/) to the end of the URI.
When an event policy action uploads files, the name of the file depends on the version of Junos OS running on the device. Prior to Junos OS Release 14.1R3, the filename has the following naming convention:
Starting in Junos OS Release 14.1R3, the filename has the following naming convention:
output-filename string is either the name of an existing file or the value configured
for the output-filename statement within the event policy then clause under the hierarchy for the appropriate event policy
action. The index-number string, which ranges
from 001 to 999, is appended to the filename in the event that the
policy is triggered multiple times in a 1-second period.
The transfer-delay statement allows you to specify the number of seconds the event process (eventd) waits before beginning to upload a file or multiple files to that destination. A transfer delay allows you to ensure that a large file, such as a core file, is completely generated before the upload begins. For more information, see Configuring the Delay Before Files Are Uploaded by an Event Policy.
This example configures a new archive destination named mgmt-archives, which can be referenced in event policies for file archiving. The example configures two archive sites for this destination. The first site is the Secure Copy URI "scp://firstname.lastname@example.org/test" for which a password is configured. The second site is a directory on the local device. The device attempts to transfer to the first archive site in the list, moving to the next site only if the transfer to the first site fails. The example configures a transfer delay of five seconds for all files uploaded to the mgmt-archives archive site.
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them in a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the  hierarchy level:
Configure a new archive destination named mgmt-archives that can be referenced by event-policies.
- Configure the identifier and associated archive sites
for each destination.
The device transfers to the first archive site in the list, moving to the next site only if the transfer to the first site fails.[edit event-options destinations]user@host# set mgmt-archives archive-sites scp://email@example.com/testuser@host# set mgmt-archives archive-sites /var/log
- If authentication is required to access any of the archive
sites, configure the required plain-text password for that site.[edit event-options destinations]user@host# set mgmt-archives archive-sites scp://firstname.lastname@example.org/test password PaSsWoRd
- (Optional) Configure the transfer delay associated with
each destination. The mgmt-archives destination has a transfer delay
of five seconds.[edit event-options destinations]user@host# set mgmt-archives transfer-delay 5
- Commit the configuration.user@host# commit
- You can reference configured destinations in an event policy. For information about referencing destinations in event policies, see Example: Configuring an Event Policy to Upload Files and Configuring an Event Policy to Execute Operational Mode Commands.
Verifying the Configuration
Issue the show configuration event-options operational mode command to review the resulting configuration.
In the sample output, the mgmt-archives destination
has two archive sites and a transfer delay of five seconds. You can
now reference this destination in event policies. When you reference
the mgmt-archives destination in an event policy, specified files
are uploaded to the first archive site after a five second delay.
If the transfer to the first archive fails, the device attempts to
upload the files to the
site. For more information about referencing destinations in event
policies, see Example: Configuring an Event Policy to Upload Files.
Note that although the plain-text password is visible when you configure it, the configuration displays the encrypted password.