System Log Messages Overview
Junos OS generates system log messages to record events that occur on the device, including the following:
- Routine operations, such as creation of an Open Shortest Path First (OSPF) protocol adjacency or a user login into the configuration database
- Failure and error conditions, such as failure to access a configuration file or unexpected closure of a connection to a child or peer process
- Emergency or critical conditions, such as device power-off due to excessive temperature
The Junos OS logging utility is similar to the UNIX syslogd utility. Each system log message identifies the software process that generated the message and briefly describes the operation or error that occurred.
Reboot requests are recorded to the system log files, which you can view with the show log command. Also, you can view the names of any processes running on your system with the show system processes command.
System Log Message Destinations
You can send system logging information to one or more destinations. The destinations can be one or more files, one or more remote hosts, the terminals of one or more users if they are logged in, and the system console.
- To direct messages to a named file in a local file system, see Sending System Log Messages to a File.
- To direct messages to the terminal session of one or more specific users (or all users) when they are logged into the device, see Sending System Log Messages to a User Terminal.
- To send a security log stream to a remote server, see Setting the System to Stream Security Logs Through Revenue Ports.
- To direct messages to the device console, see the Junos System Log Messages Reference.
- To direct messages to a remote machine that is running the UNIX syslogd utility, see the Junos System Log Messages Reference.
Redundant System Log Server
Security system logging traffic intended for remote servers is sent through the network interface ports, which support two simultaneous system log destinations. Each system logging destination must be configured separately (see Setting the System to Stream Security Logs Through Revenue Ports). When two system log destination addresses are configured, identical logs are sent to both destinations. While two destinations can be configured on any device that supports the feature, adding a second destination is primarily useful as a redundant backup for standalone and active/backup configured chassis cluster deployments.
System Log Facilities and Severity Levels
When specifying the destination for system log messages, you can specify the class (facility) of messages to log and the minimum severity level (level) of the message for each location.
Each system log message belongs to a facility, which is a group of messages that are either generated by the same software process or concern a similar condition or activity.
Table 115 lists the system logging facilities, and Table 116 lists the system logging severity levels. For more information about system log messages, see the Junos System Log Messages Reference.
Table 115: System Logging Facilities
| Facility | Description |
|---|---|
| any | Any facility |
| authorization | Any authorization attempt |
| change-log | Any change to the configuration |
| cron | Cron scheduling process |
| daemon | Various system processes |
| interactive-commands | Commands executed in the CLI |
| kernel | Messages generated by the Junos OS kernel |
| user | Messages from random user processes |
Table 116: System Logging Severity Levels
| Severity Level (from Highest to Lowest Severity) | Description |
|---|---|
| emergency | System panic or other conditions that cause the routing platform to stop functioning. |
| alert | Conditions that must be corrected immediately, such as a corrupted system database. |
| critical | Critical conditions, such as hard drive errors. |
| error | Standard error conditions that generally have less serious consequences than errors in the emergency, alert, and critical levels. |
| warning | Conditions that warrant monitoring. |
| notice | Conditions that are not error conditions but are of interest or might warrant special handling. |
| info | Informational messages. This is the default. |
| debug | Software debugging messages. |
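An added example (not Juniper's code): a small Python model of the facility and minimum-severity selection described above, run over a constructed `set`-format syslog configuration to check which destinations receive a given message. The file name `audit`, the address 192.0.2.10 and all function names are assumptions; the sample does not mix `any` with a specific facility at one destination, so the model does not depend on how that overlap is resolved.

```python
# Severity order from Table 116, highest severity first.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}

# Constructed sample configuration; names and addresses are placeholders.
SAMPLE_CONFIG = """\
set system syslog user * any emergency
set system syslog console any error
set system syslog file audit authorization info
set system syslog file audit change-log notice
set system syslog file audit interactive-commands info
set system syslog host 192.0.2.10 authorization info
set system syslog host 192.0.2.10 change-log notice
"""

def parse_syslog(config):
    """Return {destination: {facility: minimum_severity}}."""
    rules = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] != ["set", "system", "syslog"] or len(tok) < 6:
            continue
        # "console" takes no name; file/host/user are followed by one.
        if tok[3] == "console":
            dest, rest = "console", tok[4:]
        else:
            dest, rest = f"{tok[3]} {tok[4]}", tok[5:]
        if len(rest) == 2 and rest[1] in RANK:
            rules.setdefault(dest, {})[rest[0]] = rest[1]
    return rules

def destinations_for(rules, facility, severity):
    """List destinations that log a message of this facility and severity."""
    hits = []
    for dest, facilities in rules.items():
        for fac, minimum in facilities.items():
            # Match on facility (or "any") and on severity >= the minimum.
            if fac in ("any", facility) and RANK[severity] <= RANK[minimum]:
                hits.append(dest)
                break
    return sorted(hits)

def uncovered(rules, required, dest_type="host"):
    """Facilities whose info-level messages reach no dest_type destination."""
    return [f for f in required
            if not any(d.startswith(dest_type + " ")
                       for d in destinations_for(rules, f, "info"))]
```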
Control Plane and Data Plane Logs
Junos OS generates separate log messages to record events that occur on the system’s control and data planes.
- The control plane logs include events that occur on the routing platform. The system sends control plane events to the eventd process on the Routing Engine, which then handles the events by using Junos OS policies and/or by generating system log messages. You can choose to send control plane logs to a file, user terminal, routing platform console, or remote machine. To generate control plane logs, use the syslog statement at the [system] hierarchy level.
- The data plane logs primarily include security events that the system has handled directly inside the data plane. These system logs are also referred to as security logs. How the system handles data plane events depends on the device:
  - For J Series devices, the most common logging configuration is the Junos OS configuration in which the system sends data plane events to the eventd process on the Routing Engine to be processed, formatted, and written to system log files in a similar manner to control plane events.
  - For SRX3400, SRX3600, SRX5600, and SRX5800 devices, by default, the system streams already-processed data plane events directly to external log servers, bypassing the Routing Engine. If an event requires processing, the system sends the event to the eventd process on the Routing Engine.
  - For SRX100, SRX210, SRX220, SRX240, and SRX650 devices, by default, the system sends data plane events to the eventd process on the Routing Engine to be processed, formatted, and written to system log files in a similar manner to control plane events.
You can change these settings. See Setting the System to Send All Log Messages Through eventd and Setting the System to Stream Security Logs Through Revenue Ports.