Ethernet Switching
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
unclerico
Contributor
unclerico
Posts: 10
Registered: ‎01-29-2011
0
Accepted Solution

Turn log messages into Syslog messages?

Options

‎03-08-2011 11:37 AM

I have port security enabled on my EX3200. When the MAC limit is reached messages are logged to the messages log as such:

eswd[893]: ESWD_MAC_LIMIT_BLOCK: MAC limit (1) exceeded at ge-0/0/37.0: shutting down the interface

I have setup the following:

host xxx.xxx.xxx.xxx {
    security error;
    user error;
    match ".*(ESWD_BPDU_BLOCK_ERROR_DISABLED|ESWD_MAC_LIMIT_BLOCK).*";

 

I have tested my Regex in a regex editor and it finds the lines without issue. How do I get these to actually send a message to my syslog server??

Message 1 of 3 (1,105 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
aarseniev
Posts: 1,184
Registered: ‎08-21-2009

Re: Turn log messages into Syslog messages?

Options

‎03-09-2011 02:08 AM

Hello,

You specified wrong facility for syslogging.

It should be "daemon" or "any", not "security" or "user":

 

 

aarseniev@abernathy> help syslog ESWD_BPDU_BLOCK_ERROR_DISABLED 
Name:          ESWD_BPDU_BLOCK_ERROR_DISABLED
Message:       <interface-name>: bpdu-block disabled port
Help:          Bpdu Block disabled an interface
Description:   This condition occurs when bpdu-block error condition is detected.
Type:          Error: An error occurred
Severity:      alert
Facility:      LOG_DAEMON

{master:0}
aarseniev@abernathy> help syslog ESWD_MAC_LIMIT_BLOCK              
Name:          ESWD_MAC_LIMIT_BLOCK
Message:       MAC limit (<limit>) exceeded at <interface-name>: shutting down the interface
Help:          Data traffic on interface was halted because the number of MAC addresses learned on
               the interface exceeded the user-configured limit.
Description:   Interface was blocked because the number of MAC addresses learned on an interface
               has exceeded the user configured limit.
Type:          Error: An error occurred
Severity:      alert
Facility:      LOG_DAEMON

 

 

HTH

Rgds

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Message 2 of 3 (1,081 Views)
 
Reply
unclerico
Contributor
unclerico
Posts: 10
Registered: ‎01-29-2011
0

Re: Turn log messages into Syslog messages?

Options

‎03-09-2011 05:59 AM

Thanks aarseniev. I had no idea you could get that information from the help system. I'm still learning these Juniper switches so thanks a lot!!!

Message 3 of 3 (1,066 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.