ON THIS PAGE
Logging, SNMP, and Telemetry
Learn to enable system logging, SNMP, and telemetry services on the QFX5220, QFX5230, QFX5240, and QFX5241 Switches in your network.
System Logging (Syslog)
You can configure system logging (syslog) to maintain network stability, security, and performance. The syslog configuration enables network administrators to monitor, troubleshoot, and audit the device activities.
To configure syslog locally on a switch:
[edit] root@<hostname># set system syslog file filename any notice root@<hostname># set system syslog file filename authorization info
To configure remote syslog server (sending logs to an external syslog server):
[edit] root@<hostname># set system syslog host syslog-server-ip-address any notice root@<hostname># set system syslog host syslog-server-ip-address structured-data
To configure the source IP address used for syslog traffic:
[edit] root@<hostname># set system syslog host ip-address source-address source-ip-address
SNMP
SNMP monitor network devices such as switches, routers, and other IP-based devices from a single management host. By default, SNMP is not enabled on a QFX Series Switch. However, the operating system running on these switches, Junos OS Evolved, supports SNMPv1, SNMPv2c, and SNMPv3.
To enable SNMP, you need to add the configuration statements at the [edit]
hierarchy level. The minimum configuration you can enable for SNMP is SNMP polling.
To define an SNMP community and sets its permissions.
[edit] root@<hostname># set snmp community community-name authorization authorization-value
For example:
[edit] root@<hostname># set snmp community C1 authorization read-only
[edit] root@<hostname># set snmp community C1 authorization read-write
To configure basic SNMP identity:
[edit] root@<hostname># set snmp contact contact root@<hostname># set snmp location location
To limit SNMP queries to trusted management ports:
[edit] root@<hostname># set snmp community community-name authorization read-only root@<hostname># set snmp community community-string clients mgmt-host-ip-address/prefix
For example:
[edit] root@<hostname># set snmp community "noc_ro" authorization read-only root@<hostname># set snmp community "noc_ro" clients 192.0.2.10/32
To configure SNMP traps:
[edit] root@<hostname># set snmp community community-name authorization authorization-value root@<hostname># set snmp trap-group trap-group-name version version-number root@<hostname># set snmp trap-group trap-group-name targets ip-address community community-name root@<hostname># set snmp trap-group trap-group-name categories link
For example:
[edit] root@<hostname># set snmp community "noc_ro" authorization read-only root@<hostname># set snmp trap-group "nms" version v2 root@<hostname># set snmp trap-group "nms" targets 192.0.2.10 community "noc_ro" root@<hostname># set snmp trap-group "nms" categories link
To verify whether SNMP is running after configuration, run the following command in operational mode:
root@<hostname># run show snmp statistics
Telemetry
Like other Juniper devices, the QFX5220, QFX5230, QFX5240, and QFX5241 switches support Junos telemetry for monitoring network performance, security events, application management, and network capacity planning. For more information about Junos telemetry, see Understanding Junos Telemetry.
You can explore and compare various OpenConfig and Native data model attributes of Junos telemetry using Junos YANG Data Model Explorer. This application enables you to view all the supported resource paths, their corresponding leaves, and the device platforms that supports them. Use the filter option based on the software release number or product to view the list of resource paths and sensors on each platform.
For example, the QFX5220-128C and QFX5220-32CD switches support the interface burst
monitoring feature of Junos telemetry. This feature tracks short‑duration traffic bursts
(not micro bursts) on physical interfaces (that are up) using millisecond‑level sampling and
exports the data through streaming telemetry (gRPC). You cannot enable this feature using
standard CLI. You need to subscribe to a specific telemetry sensor path
/junos/system/linecard/bmon-sw/ through gRPC.
To enable any telemetry feature, you need to ensure that:
-
Junos telemetry interface (JTI) is available.
-
gRPC service is available.
-
OpenConfig for Junos OS Evolved is installed.
Configure gRPC for Junos Telemetry Interface
The remote procedure call developed by Google, gRPC, is an open-source framework that provides secure and reliable transport of data. The QFX5220, QFX5230, QFX5240, and QFX5241 Switches support gRPC primarily through the Junos telemetry interface (JTI) for streaming telemetry data using services such as gRPC Network Management Interface (gNMI). gRPC enables secure programmatic data export. For example, sensors in Google protocol buffer (GPB) format over SSL-encrypted channels.
To configure your device for gRPC services, specify the API connection setting based on Transport Layer Security (TLS) technology, and then specify a local-certificate name. For example:
[edit system services] root@<hostname># set extension-service request-response grpc tls [edit system services extension-service request-response grpc] root@<hostname># set tls local-certificate jsd_certificate
In the first command shown in this example, extension-service request-response
grpc enables the gRPC interface under the extension service framework, used for
APIs such as JTI or third-party integrations. The client issues a request and waits for a
response from the Junos OS Evolved server.
Verify gRPC Configuration on QFX Series Switches
To verify gRPC configuration, run the following command on all the leaf and spine node devices:
show configuration system services extension-service
To validate connectivity between the telemetry collectors:
show system connections
To verify that the collectors are actively pulling data through gRPC/gNMI:
show network-agent statistics
To verify the status of sensors:
show agent sensors