Junos Automation (Scripting)
Reply
Trusted Contributor
stine
Posts: 434
Registered: ‎05-05-2008
0
Accepted Solution

reclassifying a syslog message

Is there a way to change the level for SNMP_TRAP_LINK_UP from INFO to WARNING ?

 

If not, I'll have to figure out how to send WARNING or higher + SNMP_TRAP_LINK_UP messages.

 

Also, is there a better document for syslog message interpretation than "System Log Messages Reference / Release 10.0"?  This works fine if you have a syslog message that you need to understand and decode, but I need to build alarm rules in a 3rd party application (LogRhythm), and it would be very helpful to have have something like this:

 

 

SNMP_TRAP_LINK_UP: ifIndex 628, ifAdminStatus up(1), ifOperStatus up(1), ifName st0.50


 in which shows the message format

 

Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)
Recognized Expert
ccall
Posts: 235
Registered: ‎06-18-2008
0

Re: reclassifying a syslog message

You can't change the severity of the original message, but you can relog messages at a desired severity level by using an event script. For an example of how to do this see the change-syslog-severity.slax script on pages 74-75 of the Applying Junos Event Automation Day One Guide:

 

http://www.juniper.net/us/en/local/pdf/day-one-guides/7100110-en.pdf

 

 

Trusted Contributor
stine
Posts: 434
Registered: ‎05-05-2008
0

Re: reclassifying a syslog message

Thank you, that is EXACTLY what (and why) I was looking for.

 

One note, on page 75 in the stanza:

 

/* If they have a PID then include it */
if( string-length( $pid ) > 0 ) {
     expr [" _ $pid _ "]";
}

 

there is a missing double-quote before the '[' character.

 

It should read:

 

/* If they have a PID then include it */
if( string-length( $pid ) > 0 ) {
expr
"[" _ $pid _ "]";
}

Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)
Recognized Expert
ccall
Posts: 235
Registered: ‎06-18-2008
0

Re: reclassifying a syslog message

Thanks for pointing out the missing quote character. I'll add it to the list of errata.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.