Junos OS

Hi All,

Cisco guy here new to Juniper, and learning Junos via Olive M-router emulation.  I was configuring my router with some routine commands, and decided to enter "set system syslog user * any info " into the command line.  As soon as I did that, I got bombarded by an insane amount of messages like below in this post. They come in so frequently that I can't even see what I'm typing into the prompt.  Luckily a rollback and commit cleared it, so  I am thinking that informational in JUNOS is a far cry from informational in Cisco, and when I set the router to report all syslog events for all users, it was just too much information.

Can someone validate that theory, and if correct, what is the general best practice for the level of syslog notifications that should be set to be recorded in logs to ensure that pertinent / relevant information for troubleshooting will appear in the logs while filtering out the unnecessary messages?

Lastly, I've attached my sample config to this port in a txt file.  Any information is greatly appreciated.

Message from syslogd@M320TEST at Dec 29 14:38:22  ...
M320TEST lacpd[1218]: mcae_conn_init_connect in evConnect()

Message from syslogd@M320TEST at Dec 29 14:38:22  ...
M320TEST /kernel:  M320TEST lacpd[1218]: mcae_conn_init_connect in evConnect()

Message from syslogd@M320TEST at Dec 29 14:38:23  ...
M320TEST lacpd[1218]: mcae_conn_init_connect in evConnect()

Message from syslogd@M320TEST at Dec 29 14:38:46  ...
M320TEST last message repeated 23 times

Message from syslogd@M320TEST at Dec 29 14:38:46  ...
M320TEST /kernel:  M320TEST last message repeated 24 times

Message from syslogd@M320TEST at Dec 29 14:38:47  ...
M320TEST lacpd[1218]: mcae_conn_init_connect in evConnect()

Attachment(s)

Test config.txt   1 KB 1 version

I use this configuration on a regular basis. It's not too verbose.

[edit]
root@EX# show system syslog
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}

[edit]
root@EX#

=====

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Hi Dean,

I think what ever you are observing is expected, because you have enabled syslog for all users at info level. As you know there will be 1000's of log messages of various daemons at various log levels are available in the system. Out of them most of the log messages will be placed at "INFO" level for engineering teams to debug. Rest of the messages will be marked at appropriate severity levels.

If you don't want to see all log messages, please re-configure your syslog config to include only certain daemons and severity levels.

For Ex:

file messages {
    kernel info;
    any notice;
    authorization info;
    pfe info;
    archive world-readable;
}

Thanks

Suresh

The default syslog configuration with Junos is as below.

system {
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
}

With this configuration only emergency/messages will be seen on the terminal.

If you want to log all logs, add another file or syslog server with "any any"

#set system syslog file ALL-Logs any any

or

#set system syslog host x.x.x.x any any

Thanks,

Suraj

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

Thank you all.  Appreciate your feedback on this.