Security

Hi experts,

I was wondering if there any way I can change log messages severity level within Junos on Juniper EX series switches. All my logs from EX4500 forwarded to external syslog server and put on two different files "log" and "alert" according to severity level. The "alert" file pereriodically parsed and notifications sent to relevant department. I am interested in particular log message which has severity level of "warning" and I need to change it on Juniper switch to level "alert" and send it to external server. I know there other vendors which has similar feature to change log message attributes by calling external script. I am wondering if this is achievable on Junos.

Thanks

You can implement an event policy that overrides the severity levels for certain events. Have a look at http://www.juniper.net/documentation/en_US/junos15.1/topics/topic-map/junos-script-automation-event-policy-event-syslog-priority.html

Cheers,

Carsten

Might be simpler to just use the match function to also syslog the specific events you want using a regex expression for the log name.

Add the match line under your syslog host stanza with one or more texts to match for forwarding logs.

syslog

     host 1.1.1.1 {

         any alert;

         match "!(*keywords 1 middle* | keywords 2 exact | *keywords 3 ending ) ;

      }

The * is a wild card for the match condition in the syslog message, just add it as needed to catch mulitple messages with a single term.  Separate each keyword set with |  if mulitple are needed.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB22177