Automation

Is there a way to change the level for SNMP_TRAP_LINK_UP from INFO to WARNING ?

If not, I'll have to figure out how to send WARNING or higher + SNMP_TRAP_LINK_UP messages.

Also, is there a better document for syslog message interpretation than "System Log Messages Reference / Release 10.0"?  This works fine if you have a syslog message that you need to understand and decode, but I need to build alarm rules in a 3rd party application (LogRhythm), and it would be very helpful to have have something like this:

SNMP_TRAP_LINK_UP: ifIndex 628, ifAdminStatus up(1), ifOperStatus up(1), ifName st0.50

 in which shows the message format

You can't change the severity of the original message, but you can relog messages at a desired severity level by using an event script. For an example of how to do this see the change-syslog-severity.slax script on pages 74-75 of the Applying Junos Event Automation Day One Guide:

http://www.juniper.net/us/en/local/pdf/day-one-guides/7100110-en.pdf

Thank you, that is EXACTLY what (and why) I was looking for.

One note, on page 75 in the stanza:

/* If they have a PID then include it */
if( string-length( $pid ) > 0 ) {
     expr [" _ $pid _ "]";
}

there is a missing double-quote before the '[' character.

It should read:

/* If they have a PID then include it */
if( string-length( $pid ) > 0 ) {
expr "[" _ $pid _ "]";
}

Thanks for pointing out the missing quote character. I'll add it to the list of errata.