Interpret Event Messages
The following output shows a sample event message.
Feb 27 02:33:04 bm-a mgd[6520]: UI_LOGIN_EVENT: User 'security-officer' login, class 'j-super-user' [6520], ssh-connection '', client-mode 'cli' Feb 27 02:33:49 bm-a mgd[6520]: UI_DBASE_LOGIN_EVENT: User 'security-officer' entering configuration mode Feb 27 02:38:29 bm-a mgd[6520]: UI_CMDLINE_READ_LINE: User 'security-officer', command 'run show log Audit_log | grep LOGIN
Table 1 describes the fields for an event message. If the system logging utility cannot determine the value in a particular field, a hyphen ( - ) appears instead.
Field | Description | Examples |
---|---|---|
|
Time when the message was generated, in one of two representations:
|
Feb 27 02:33:04 is the timestamp expressed as local time in the United States. 2012-02-27T09:17:15.719Z is 2:33 AM UTC on 27 Feb 2012. |
|
Name of the host that originally generated the message. |
router1 |
|
Name of the Junos OS process that generated the message. |
mgd |
|
UNIX process ID (PID) of the Junos OS process that generated the message. |
4153 |
|
Junos OS system log message tag, which uniquely identifies the message. |
UI_DBASE_LOGOUT_EVENT |
|
Username of the user initiating the event. |
“admin” |
|
English-language description of the event . |
set: [system radius-server 1.2.3.4 secret] |