System Log File

Specifies the name of a system log file for which you want to display the recorded events.

Lists the names of all the system log files that you configure.

By default, a log file, messages, is included in the /var/log/ directory.

To specify events recorded in a particular file, select the system log filename from the list—for example, messages.

Select Include archived files to include archived files in the search.

Process

Specifies the name of the process generating the events you want to display.

To view all the processes running on your system, enter the CLI command show system processes.

For more information about processes, see the JUNOS Software Installation and Upgrade Guide at www.juniper.net/techpubs

To specify events generated by a process, type the name of the process.

For example, type mgd to list all messages generated by the management process.

Date From

To

Specifies the time period in which the events you want displayed are generated.

Displays a calendar that allows you to select the year, month, day, and time. It also allows you to select the local time.

By default, the messages generated in the last hour are displayed. End Time shows the current time and Start Time shows the time one hour before End Time.

To specify the time period:

• Click the Calendar icon and select the year, month, and date—for example, 02/10/2007.

• Click the Calendar icon and select the year, month, and date—for example, 02/10/2007.
• Click to select the time in hours, minutes, and seconds.

Event ID

Specifies the event ID for which you want to display the messages.

Allows you to type part of the ID and completes the remainder automatically.

An event ID, also known as a system log message code, uniquely identifies a system log message. It begins with a prefix that indicates the generating software process or library.

To specify events with a specific ID, type the partial or complete ID—for example, TFTPD_AF_ERR.

Description

Specifies text from the description of events that you want to display.

Allows you to use regular expressions to match text from the event description.

Note: Regular expression matching is case-sensitive.

To specify events with a specific description, type a text string from the description with regular expression.

For example, type ^Initial* to display all messages with lines beginning with the term Initial.

Search

Applies the specified filter and displays the matching messages.

To apply the filter and display messages, click Search.

Process

Displays the name and ID of the process that generated the system log message.

The information displayed in this field is different for messages generated on the local Routing Engine than for messages generated on another Routing Engine (on a system with two Routing Engines installed and operational). Messages from the other Routing Engine also include the identifiers re0 and re1 to identify the Routing Engine.

Severity

Severity level of a message is indicated by different colors.

• Unknown—Gray—Indicates no severity level is specified.
• Debug/Info/Notice—Green—Indicates conditions that are not errors but are of interest or might warrant special handling.
• Warning—Yellow—Indicates conditions that warrant monitoring.
• Error—Blue—Indicates standard error conditions that generally have less serious consequences than errors in the emergency, alert, and critical levels.
• Critical—Pink—Indicates critical conditions, such as hard-drive errors.
• Alert—Orange—Indicates conditions that require immediate correction, such as a corrupted system database.
• Emergency—Red—Indicates system panic or other conditions that cause the switch to stop functioning.

A severity level indicates how seriously the triggering event affects switch functions. When you configure a location for logging a facility, you also specify a severity level for the facility. Only messages from the facility that are rated at that level or higher are logged to the specified file.

Event ID

Displays a code that uniquely identifies the message.

The prefix on each code identifies the message source, and the rest of the code indicates the specific event or error.

The event ID begins with a prefix that indicates the generating software process.

Some processes on a switch do not use codes. This field might be blank in a message generated from such a process.

An event can belong to one of the following type categories:

• Error—Indicates an error or failure condition that might require corrective action.
• Event—Indicates a condition or occurrence that does not generally require corrective action.

Event Description

Displays a more detailed explanation of the message.

Time

Displays the time at which the message was logged.