Logging Events Messages to a System Logging Server
To configure the SRC-VTA to save event messages on a system logging server:
- In the VTA Configuration Manager navigation pane, select Edit.
- Under Current Configuration, select Logging.
The current logging configuration appears.
- To add a system log configuration, enter a name for the
configuration in the New Syslog box, and click Create.
The Syslog configuration screen appears.
- Edit the fields.
See System Logging Fields .
- If you are finished configuring the SRC-VTA, save the configuration to a directory or local file.
System Logging Fields
In VTA Configuration Manager, you can edit the following fields in the syslog section of the Logging screen.
Filter
- Filter that determines the type of messages that this log file contains.
- Value—Expression. The software filters events by
evaluating each subexpression from left to right. When the software
finds a match, it logs or ignores the message accordingly. You can
specify an unlimited number of subexpressions. The order in which
you specify the subexpressions affects the result. Expressions have
the format:
singlematch [,singlematch]
where
singlematch—[!] ( <category> | ([<category>]/[<severity>] | [<minimumSeverity>]-[<maximumSeverity>] ))
- !—Do not log matching events
- <category>—SRC component that generated the event message. To log only events in a specific category, you can define the category, which is a text string that matches the name of a category. The text string is not case sensitive. For the names of categories, view a log file for a default filter. Juniper Networks Technical Assistance Center (JTAC) can also provide category names.
- [<severity>] | [<minimumSeverity>]-[<maximumSeverity>]
—Name or number in the range 1–127. A higher number indicates
a higher severity level. Table 1 shows common
severity levels that you can specify by name.
Table 1: Named Severity Levels
Name
Severity Level
logmin
1
debug
10
info
20
notice
30
warning
40
error
50
crit
60
alert
70
emerg
80
panic
90
logmax
127
Enabling debug log messages has a negative affect on system performance. Do not enable debug log messages unless JTAC instructs you to do so.
You can define a severity level as follows:
- Specify an explicit severity. For example:
warning—Defines only warning messages
- Specify a minimum severity and a maximum severity. For
example:
info-warning—Defines messages of minimum severity level of info and a maximum severity level of warning
- Accept the default minimum (logmin) or maximum (logmax)
severity by omitting the minimum or maximum severity. For example:
info-—Defines messages of minimum severity level info and maximum severity level logmax
-warning—Defines messages of minimum severity level logmin and maximum severity level warning
- Specify no severity to log all event messages.
- Specify an explicit severity. For example:
- Guidelines—This field is mandatory.
- Default—No value
- Example—Table 2 shows some
examples of filters.
Table 2: Examples of Filters for Event Messages
Syslog Host
- IP address or name of a host that collects event messages with a standard system logging daemon.
- Value—IP address or text string
- Default—No value
Syslog Facility
- Type of system log in accordance with the system logging protocol.
- Value—Integer in the range 0–23; each integer corresponds to the standard number for a system logging client. See The syslog Protocol—draft-ietf-syslog-protocol-16.txt (July 2006 expiration).
- Default—No value