Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Overview of System Logging

SUMMARY This section describes the system log messages that identify the Junos OS process that generated the message and briefly describes the operation or error that occurred.

Junos OS System Log Overview

Junos OS generates system log messages (also called syslog messages) to record events that occur on the device, including the following:

  • Routine operations, such as creation of an Open Shortest Path First (OSPF) protocol adjacency or a user login to the configuration database

  • Failure and error conditions, such as failure to access a configuration file or unexpected closure of a connection to a peer process

  • Emergency or critical conditions, such as router power-down due to excessive temperature

In Junos OS Release 17.3R1, the syslog-event daemon is able to handle the fxp0 in dedicated management routing instance for for IPv4 addressed remote host. As of Junos OS Release 18.1R1, the syslog-event daemon supports IPv6-based configuration when connecting to a remote host or an archival site and fxp0 is moved to dedicated management instance. In Junos OS Release 18.4R1, the syslog client can send messages through any routing instance you define at appropriate hierarchies. See routing-instance (Syslog).

Note:

This topic describes system log messages for Junos OS processes and libraries and not the system logging services on a Physical Interface Card (PIC) such as the Adaptive Services PIC.

Overview of Junos OS System Log Messages

The Junos OS generates system log messages (also called syslog messages) to record events that occur on the switch, including the following:

  • Routine operations, such as a user login into the configuration database.

  • Failure and error conditions, such as failure to access a configuration file.

  • Emergency or critical conditions, such as power-down of the switch due to excessive temperature.

Each system log message identifies the Junos OS process that generated the message and briefly describes the operation or error that occurred. For detailed information about specific system log messages, see the System Log Explorer.

Note:

OCX Series switches comprise both the Junos OS and the host operating system (OS). For information about system logging on the host OS, see Managing Host OS System Log and Core Files.

Junos OS System Log Configuration Hierarchy

To configure the router to log system messages, include the syslog statement at the [edit system] hierarchy level:

Junos OS System Logging Facilities and Message Severity Levels

Table 1 lists the Junos OS system logging facilities that you can specify in configuration statements at the [edit system syslog] hierarchy level.

Table 1: Junos OS System Logging Facilities

Facility (number)

Type of Event or Error

kernel (0)

Actions performed or errors encountered by the Junos OS kernel

user (1)

Actions performed or errors encountered by user-space processes

daemon (3)

Actions performed or errors encountered by system processes

authorization (4)

Authentication and authorization attempts

ftp (11)

Actions performed or errors encountered by the FTP process

ntp (12)

Actions performed or errors encountered by the Network Time Protocol processes.

security (13)

Security related events or errors.

dfc (17)

Events related to dynamic flow capture

external (18)

Actions performed or errors encountered by the local external applications.

firewall (19)

Packet filtering actions performed by a firewall filter

pfe (20)

Actions performed or errors encountered by the Packet Forwarding Engine

conflict-log (21)

Specified configuration is invalid on the router type

change-log (22)

Changes to the Junos OS configuration

interactive-commands (23)

Commands issued at the Junos OS command-line interface (CLI) prompt or by a client application such as a Junos XML protocol or NETCONF XML client

Table 2 lists the severity levels that you can specify in configuration statements at the [edit system syslog] hierarchy level. The levels from emergency through info are in order from highest severity (greatest effect on functioning) to lowest.

Unlike the other severity levels, the none level disables logging of a facility instead of indicating how seriously a triggering event affects routing functions. For more information, see Disabling the System Logging of a Facility.

Table 2: System Log Message Severity Levels

Value

Severity Level

Description

N/A

none

Disables logging of the associated facility to a destination

0

emergency

System panic or other condition that causes the router to stop functioning

1

alert

Conditions that require immediate correction, such as a corrupted system database

2

critical

Critical conditions, such as hard errors

3

error

Error conditions that generally have less serious consequences than errors at the emergency, alert, and critical levels

4

warning

Conditions that warrant monitoring

5

notice

Conditions that are not errors but might warrant special handling

6

info

Events or nonerror conditions of interest

7

any

Includes all severity levels

Junos OS Default System Log Settings

Table 3 summarizes the default system log settings that apply to all routers that run the Junos OS, and specifies which statement to include in the configuration to override the default value.

Table 3: Default System Logging Settings

Setting

Default

Overriding Statement

Instructions

Alternative facility for message forwarded to a remote machine

For change-log: local6

For conflict-log: local5

For dfc: local1

For firewall: local3

For interactive-commands: local7

For pfe: local4

[edit system syslog]
host hostname {
    facility-override facility;
}

Changing the Alternative Facility Name for System Log Messages Directed to a Remote Destination

Format of messages logged to a file

Standard Junos OS format, based on UNIX format

[edit system syslog]
file filename {
    structured-data;
}

Logging Messages in Structured-Data Format

Maximum number of files in the archived set

10

[edit system syslog]
archive {
    files number;
}
file filename {
    archive {
        files number;
    }
}

Specifying Log File Size, Number, and Archiving Properties

Maximum size of the log file

M Series, MX Series, and T Series: 1 megabyte (MB)

TX Matrix: 10 MB

[edit system syslog]
archive {
    size size;
}
file filename {
    archive {
        size size;
    }
}

Specifying Log File Size, Number, and Archiving Properties

Timestamp format

Month, date, hour, minute, second

For example: Aug 21 12:36:30

[edit system syslog]
time-format format;

Including the Year or Millisecond in Timestamps

Users who can read log files

root user and users with the Junos OS maintenance permission

[edit system syslog]
archive {
    world-readable;
}
file filename {
    archive {
        world-readable;
    }
}

Specifying Log File Size, Number, and Archiving Properties

Junos OS Platform-Specific Default System Log Messages

The following messages are generated by default on specific routers. To view any of these types of messages, you must configure at least one destination for messages as described in Junos OS Minimum System Logging Configuration.

  • To log the kernel process message on an M Series, MX Series, or T Series router, include the kernel info statement at the appropriate hierarchy level:

  • On a routing matrix composed of a TX Matrix router and T640 routers, the primary Routing Engine on each T640 router forwards all messages with a severity of info and higher to the primary Routing Engine on the TX Matrix router. This is equivalent to the following configuration statement included on the TX Matrix router:

  • Starting in Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1, likewise on a routing matrix composed of a TX Matrix Plus router with connected T1600 or T4000 routers, the primary Routing Engine on each T1600 or T4000 LCC forwards to the primary Routing Engine on the TX Matrix Plus router all messages with a severity of info and higher. This is equivalent to the following configuration statement included on the TX Matrix Plus router:

    Note:

    From the perspective of the user interface, the routing matrix appears as a single router. The TX Matrix Plus router controls all the T1600 or T4000 routers connected to it in the routing matrix.

Interpreting Messages Generated in Standard Format

The syntax of a standard-format message generated by a Junos OS process or subroutine library depends on whether it includes priority information:

  • When the explicit-priority statement is included at the [filename] or [hostname] hierarchy level, a system log message has the following syntax:

  • When directed to the console or to users, or when the explicit-priority statement is not included for files or remote hosts, a system log message has the following syntax:

Table 4 describes the message fields.

Table 4: Fields in Standard-Format Messages
Field Description

timestamp

Time at which the message was logged.

message-source

Identifier of the process or component that generated the message and the routing platform on which the message was logged. This field includes two or more subfields: hostname, process and process ID (PID). If the process does not report its PID, the PID is not displayed. The message source subfields are displayed in the following format:

hostname	process[process-ID]

facility

Code that specifies the facility to which the system log message belongs. For a mapping of codes to facility names, see Table: Facility Codes Reported in Priority Information in Including Priority Information in System Log Messages.

severity

Numerical code that represents the severity level assigned to the system log message. For a mapping of codes to severity names, see Table: Numerical Codes for Severity Levels Reported in Priority Information in Including Priority Information in System Log Messages.

TAG

Text string that uniquely identifies the message, in all uppercase letters and using the underscore (_) to separate words. The tag name begins with a prefix that indicates the generating software process or library. The entries in this reference are ordered alphabetically by this prefix.

Not all processes on a routing platform use tags, so this field does not always appear.

message-text

Text of the message.

Managing Host OS System Log and Core Files

On Junos OS switches with a host OS, the Junos OS might generates system log messages (also called syslog messages) to record events that occur on the switch, including the following:

  • Routine operations, such as a user login into the configuration database.

  • Failure and error conditions.

  • Emergency or critical conditions, such as power-down of the switch due to excessive temperature.

On OCX Series switches:

  • System log messages are logged in the /var/log/dcpfe.log file in the host OS in the following scenarios:

    • When the forwarding daemon is initialized.

    • Messages are tagged as emergency (LOG_EMERG). A copy of the message is also sent to the /var/log directory on the switch.

  • Messages from processes are available on the host system in the /var/log directory. System log messages from the host chassis management process are recorded in the lcmd.log file in the /var/log directory.

On QFX switches with a host OS:

  • The Junos OS and host OS record log messages for system and process events, and generate core files upon certain system failures.

  • These files are stored in directories such as /var/log for log messages, and /var/tmp or /var/crash for core files, depending on the type of host OS running on the switch.

For diagnostic purposes, you can access these host OS system log and core files from the Junos OS CLI on the switch. You can also clean up directories where the host OS stores temporary log and other files.

This topic includes these sections:

Viewing Log Files On the Host OS System

To view a list of the log files created on the host OS, enter the following command:

Copying Log Files From the Host System To the Switch

To copy log files from the host OS to the switch, enter the following command:

For example, to copy the lcmd log file to the switch, enter the following command:

Viewing Core Files On the Host OS System

To view the list of core files generated and stored on the host OS system, enter the following command:

The list might look like this example output:

Copying Core Files From the Host System To the Switch

To copy core files from the host OS to the switch, enter the following command:

When the destination Junos OS path is a directory, the source filename is used by default. To rename the file at the destination, enter the destination argument as a full path including the desired filename.

For example, to copy the localhost.lcmd.26653.1455520135.core.tgz core archive file to the switch, enter the following command:

To see the results on the switch, enter the following command:

Cleaning Up Temporary Files on the Host OS

To remove temporary files created on the host OS, enter the following command:

For example, the following sample output on a switch with a Linux host OS shows cleanup of temporary files stored in /var/tmp:

Release History Table
Release
Description
15.1X49-D10
Starting in Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1, likewise on a routing matrix composed of a TX Matrix Plus router with connected T1600 or T4000 routers, the primary Routing Engine on each T1600 or T4000 LCC forwards to the primary Routing Engine on the TX Matrix Plus router all messages with a severity of info and higher.