Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Defining Destinations for File Archiving by Event Policies

 

This example configures an archive site for event policies. Event policy actions that reference the configured destination upload specified files to that site.

Requirements

This example uses a device running Junos OS. No additional configuration beyond device initialization is required before configuring this example.

Overview

When an event policy action generates output files, you can archive the files for later analysis. Similarly, you might want to archive system files, including system log files, core files, and configuration files, from the time an event occurs.

When an event occurs, you can upload relevant files to a specified location for analysis. To archive files from an event policy, configure one or more destinations specifying the archive sites to which the files are uploaded. You then reference the configured destinations within event policies.

To define a destination archive site, include the destinations statement at the [edit event-options] hierarchy level.

The destination-name is a user-defined identifier, which is referenced by event policies. You can define multiple destinations with different archive sites.

For each destination, configure one or more archive site URIs, which are the actual sites to which the files are uploaded. If you specify multiple archive site URIs for a given destination, the device attempts to transfer the files to the first archive site in the list and only uses subsequent sites in the list if the transfer to the first site fails. Optionally, you can specify a plain-text password for login into an archive site.

Specify the archive site URI as a file URI, an active or passive FTP URI, or a Secure Copy (SCP) URI. Local device directories are also supported (for example, /var/tmp). When you specify the archive site URI, do not add a forward slash (/) to the end of the URI.

  • file:<//host>/path

  • ftp://username@host:<port>url-path

  • pasvftp://username@host:<port>url-path

  • scp://username@host:<port>url-path

  • <path>/<filename>

When an event policy action uploads files, the name of the file depends on the version of Junos OS running on the device. Prior to Junos OS Release 14.1R3, the filename has the following naming convention:

Starting in Junos OS Release 14.1R3, the filename has the following naming convention:

The output-filename string is either the name of an existing file or the value configured for the output-filename statement within the event policy then clause under the hierarchy for the appropriate event policy action. The index-number string, which ranges from 001 to 999, is appended to the filename in the event that the policy is triggered multiple times in a 1-second period.

The transfer-delay statement allows you to specify the number of seconds the event process (eventd) waits before beginning to upload a file or multiple files to that destination. A transfer delay allows you to ensure that a large file, such as a core file, is completely generated before the upload begins. For more information, see Configuring the Delay Before Files Are Uploaded by an Event Policy.

This example configures a new archive destination named mgmt-archives, which can be referenced in event policies for file archiving. The example configures two archive sites for this destination. The first site is the Secure Copy URI "scp://username@example.com/test" for which a password is configured. The second site is a directory on the local device. The device attempts to transfer to the first archive site in the list, moving to the next site only if the transfer to the first site fails. The example configures a transfer delay of five seconds for all files uploaded to the mgmt-archives archive site.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them in a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level:

Step-by-Step Procedure

Configure a new archive destination named mgmt-archives that can be referenced by event-policies.

  1. Configure the identifier and associated archive sites for each destination.

    The device transfers to the first archive site in the list, moving to the next site only if the transfer to the first site fails.

  2. If authentication is required to access any of the archive sites, configure the required plain-text password for that site.
  3. (Optional) Configure the transfer delay associated with each destination. The mgmt-archives destination has a transfer delay of five seconds.
  4. Commit the configuration.
  5. You can reference configured destinations in an event policy. For information about referencing destinations in event policies, see Example: Configuring an Event Policy to Upload Files and Configuring an Event Policy to Execute Operational Mode Commands.

Verification

Verifying the Configuration

Purpose

Issue the show configuration event-options operational mode command to review the resulting configuration.

Action

Meaning

In the sample output, the mgmt-archives destination has two archive sites and a transfer delay of five seconds. You can now reference this destination in event policies. When you reference the mgmt-archives destination in an event policy, specified files are uploaded to the first archive site after a five second delay. If the transfer to the first archive fails, the device attempts to upload the files to the /var/log archive site. For more information about referencing destinations in event policies, see Example: Configuring an Event Policy to Upload Files.

Note that although the plain-text password is visible when you configure it, the configuration displays the encrypted password.