Interpreting Messages Generated in Structured-Data Format
By default, Junos OS processes and software libraries write messages to the system log file in structured-data format. For information about the structured-data statement, see Logging Messages in Structured-Data Format.
Structured-format makes it easier for automated applications to extract information from the message. In particular, the standardized format for reporting the value of variables (elements in the English-language message that vary depending on the circumstances that triggered the message) makes it easy for an application to extract those values.
The structured-data format for a message includes the following fields (which appear here on two lines only for legibility):
Table 1 describes the fields. If the system logging utility cannot determine the value in a particular field, a hyphen ( - ) appears instead.
Table 1: Fields in Structured-Data Messages
| Field | Description | Examples |
|---|---|---|
<priority code> | Number that indicates the facility and severity of a message. It is calculated by multiplying the facility number by 8 and then adding the numerical value of the severity. For a mapping of the numerical codes to facility and severity, see Specifying the Facility and Severity of Messages to Include in the Log. | <165> for a message from the pfe facility
(facility=20) with severity notice (severity=5). |
version | Version of the Internet Engineering Task Force (IETF) system logging protocol specification. | 1 for the initial version |
timestamp | Time when the message was generated, in one of two representations:
| 2007-02-15T09:17:15.719Z is 9:17 AM UTC on 15 February
2007. 2007-02-15T01:17:15.719 -08:00 is the same timestamp expressed
as Pacific Standard Time in the United States. |
hostname | Name of the host that originally generated the message. | switch1 |
process | Name of the Junos OS process that generated the message. | mgd |
processID | UNIX process ID (PID) of the Junos process that generated the message. | 3046 |
TAG | Junos OS system log message tag, which uniquely identifies the message. | UI_DBASE_LOGOUT_EVENT |
junos@2636.platform | An identifier for the type of hardware platform that generated the message. The junos@2636 prefix indicates that the platform runs the Junos OS. It is followed by a dot-separated numerical identifier for the platform type. | junos@2636.1.1.1.2.18 |
variable-value-pairs | A variable-value pair for each element in the message-text string that varies depending on the circumstances that triggered the message. Each pair appears in the format variable = "value". | username="regress" |
message-text | English-language description of the event or error (omitted if the brief statement is included at the [edit system syslog file filename structured-data] hierarchy level). | User 'regress' exiting configuration mode |
By default, the structured-data version of a message includes English text at the end, as in the following example (which appears on multiple lines only for legibility):
When the brief statement is included at the [edit system syslog file filename structured-data ] hierarchy level, the English text is omitted, as in this example:
Table 2 maps the codes that appear in the priority-code field to facility and severity level.
 | Note: Not all of the facilities and severities listed in Table 2 can be included in statements at the [edit system syslog] hierarchy level (some are used by internal processes). For a list of the facilities and severity levels that can be included in the configuration, see Specifying the Facility and Severity of Messages to Include in the Log. |
Table 2: Facility and Severity Codes in the priority-code Field
| Facility (number) | Severity emergency | alert | critical | error | warning | notice | info | debug |
|---|---|---|---|---|---|---|---|---|
kernel (0) | 1 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
user (1) | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
mail (2) | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 |
daemon (3) | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
authorization (4) | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 |
syslog (5) | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 |
printer (6) | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 |
news (7) | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 |
uucp (8) | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 |
clock (9) | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 |
authorization-private (10) | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 |
ftp (11) | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 |
ntp (12) | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 |
security (13) | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 |
console (14) | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 |
local0 (16) | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 |
dfc (17) | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 |
local2 (18) | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 |
firewall (19) | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 |
pfe (20) | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 |
conflict-log (21) | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 |
change-log (22) | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 |
interactive-commands (23) | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 |
