[an error occurred while processing this directive][an error occurred while processing this directive]

Interpreting Messages Generated in Structured-Data Format

Beginning in JUNOS Release 8.3, when the structured-data statement is included in the configuration for a log file, JUNOS processes and software libraries write messages to the file in structured-data format instead of the standard JUNOS format. For information about the structured-data statement, see Logging Messages in Structured-Data Format.

Structured-format makes it easier for automated applications to extract information from the message. In particular, the standardized format for reporting the value of variables (elements in the English-language message that vary depending on the circumstances that triggered the message) makes it easy for an application to extract those values. In standard format, the variables are interspersed in the message text and not identified as variables.

The structured-data format for a message includes the following fields (which appear here on two lines only for legibility):

<priority code>version timestamp hostname process processID TAG [junos@2636.platform variable-value-pairs] message-text

Table 1 describes the fields. If the system logging utility cannot determine the value in a particular field, a hyphen ( - ) appears instead.

Table 1: Fields in Structured-Data Messages

FieldDescriptionExamples

<priority code>

Number that indicates the message’s facility and severity. It is calculated by multiplying the facility number by 8 and then adding the numerical value of the severity. For a mapping of the numerical codes to facility and severity, see Table: Facility and Severity Codes in the priority-code Field in Specifying the Facility and Severity of Messages to Include in the Log.

<165> for a message from the pfe facility (facility=20) with severity notice (severity=5).

version

Version of the Internet Engineering Task Force (IETF) system logging protocol specification.

1 for the initial version

timestamp

Time when the message was generated, in one of two representations:

  • YYYY-MM-DDTHH:MM:SS.MSZ is the year, month, day, hour, minute, second and millisecond in Universal Coordinated Time (UTC)
  • YYYY-MM-DDTHH:MM:SS.MS+/-HH:MM is the year, month, day, hour, minute, second and millisecond in local time; the hour and minute that follows the plus sign (+) or minus sign (-) is the offset of the local time zone from UTC
2007-02-15T09:17:15.719Z is 9:17 AM UTC on 15 February 2007. 2007-02-15T01:17:15.719 -08:00 is the same timestamp expressed as Pacific Standard Time in the United States.

hostname

Name of the host that originally generated the message.

router1

process

Name of the JUNOS process that generated the message.

mgd

processID

UNIX process ID (PID) of the JUNOS process that generated the message.

3046

TAG

JUNOS system log message tag, which uniquely identifies the message.

UI_DBASE_LOGOUT_EVENT

junos@2636.platform

An identifier for the type of hardware platform that generated the message. The junos@2636 prefix indicates that the platform runs the JUNOS Software. It is followed by a dot-separated numerical identifier for the platform type. For a list of the identifiers, see Table 3.

junos@2636.1.1.1.2.18 for the M120 router

variable-value-pairs

A variable-value pair for each element in the message-text string that varies depending on the circumstances that triggered the message. Each pair appears in the format variable = "value".

username="regress"

message-text

English-language description of the event or error (omitted if the brief statement is included at the [edit system syslog file filename structured-data] hierarchy level). For the text for each message, see the chapters following System Log Messages.

User 'regress' exiting configuration mode

By default, the structured-data version of a message includes English text at the end, as in the following example (which appears on multiple lines only for legibility):

<165>1 2007-02-15T09:17:15.719Z router1 mgd 3046 UI_DBASE_LOGOUT_EVENT [junos@2636.1.1.1.2.18 username="regress"] User 'regress' exiting configuration mode

When the brief statement is included at the [edit system syslog file filename structured-data ] hierarchy level, the English text is omitted, as in this example:

<165>1 2007-02-15T09:17:15.719Z router1 mgd 3046 UI_DBASE_LOGOUT_EVENT [junos@2636.1.1.1.2.18 username="regress"]

Table 2 maps the codes that appear in the priority-code field to facility and severity level.

Note: Not all of the facilities and severities listed in Table 2 can be included in statements at the [edit system syslog] hierarchy level (some are used by internal processes). For a list of the facilities and severity levels that can be included in the configuration, see Specifying the Facility and Severity of Messages to Include in the Log.

Table 2: Facility and Severity Codes in the priority-code Field

Facility (number)Severity emergencyalertcriticalerrorwarningnoticeinfodebug

kernel (0)

1

1

2

3

4

5

6

7

user (1)

8

9

10

11

12

13

14

15

mail (2)

16

17

18

19

20

21

22

23

daemon (3)

24

25

26

27

28

29

30

31

authorization (4)

32

33

34

35

36

37

38

39

syslog (5)

40

41

42

43

44

45

46

47

printer (6)

48

49

50

51

52

53

54

55

news (7)

56

57

58

59

60

61

62

63

uucp (8)

64

65

66

67

68

69

70

71

clock (9)

72

73

74

75

76

77

78

79

authorization-private (10)

80

81

82

83

84

85

86

87

ftp (11)

88

89

90

91

92

93

94

95

ntp (12)

96

97

98

99

100

101

102

103

security (13)

104

105

106

107

108

109

110

111

console (14)

112

113

114

115

116

117

118

119

local0 (16)

128

129

130

131

132

133

134

135

dfc (17)

136

137

138

139

140

141

142

143

local2 (18)

144

145

146

147

148

149

150

151

firewall (19)

152

153

154

155

156

157

158

159

pfe (20)

160

161

162

163

164

165

166

167

conflict-log (21)

168

169

170

171

172

173

174

175

change-log (22)

176

177

178

179

180

181

182

183

interactive-commands (23)

184

185

186

187

188

189

190

191

Table 3 lists the numerical identifiers for routing platforms that appear in the platform field. The identifier is derived from the platform’s SNMP object identifier (OID) as defined in the Juniper Networks routing platform MIB. For more information about OIDs, see the JUNOS Network Management Configuration Guide.

Table 3: Platform Identifiers in the platform Field

IdentifierPlatform Name

1.1.1.2.1

M40 router

1.1.1.2.2

M20 router

1.1.1.2.3

M160 router

1.1.1.2.4

M10 router

1.1.1.2.5

M5 router

1.1.1.2.6

T640 routing node

1.1.1.2.7

T320 router

1.1.1.2.8

M40e router

1.1.1.2.9

M320 router

1.1.1.2.10

M7i router

1.1.1.2.11

M10i router

1.1.1.2.13

J2300 Services Router

1.1.1.2.14

J4300 Services Router

1.1.1.2.15

J6300 Services Router

1.1.1.2.17

TX Matrix platform

1.1.1.2.18

M120 router

1.1.1.2.19

J4350 Services Router

1.1.1.2.20

J6350 Services Router

1.1.1.2.23

J2320 Services Router

1.1.1.2.24

J2350 Services Router


Published: 2010-04-28

[an error occurred while processing this directive]