Day One Tips

Technique: setting priority in your system log files

‎11-23-2010 01:53 AM

To distinguish important messages from informational messages in your system log files, use severity levels.


Include the severity level in each log message:


[edit system syslog file messages]

ugo@nigeria# set explicit-priority


If you include the explicit-priority statement, every system log message written to that file contains the priority, which is a combination of the facility and the severity level. The following example shows the priority for messages in the log file.


ugo@nigeria> show log messages | match "Mar 9 11:5"

Mar 9 11:54:31 router1 login: %AUTH-6-LOGIN_INFORMATION: User ugo logged in from host on device ttyp1
Mar 9 11:54:34 router1 mgd[29108]: %INTERACT-5-UI_DBASE_LOGIN_EVENT: User 'ugo' entering configuration mode
Mar 9 11:56:13 router1 mgd[29108]: %INTERACT-5-UI_DBASE_LOGOUT_EVENT: User 'ugo' exiting configuration mode
Mar 9 11:57:52 router1 mgd[28332]: %INTERACT-5-UI_DBASE_LOGOUT_EVENT: User 'ugo' exiting configuration mode


In the first message the priority is %AUTH-6, which indicates that this message was generated by the authorization facility. The severity is 6, so you know that it's an informational message. The remaining three messages have a priority of %INTERACT-5, so they come from the interactive commands facility and have a severity of 5, or notice.


You could also match on a specific priority of interest. Here we show only critical messages (severity of 2):


ugo@nigeria> show log messages | match -2-

Jun 10 03:06:51 router1 /kernel: %KERN-2-CPU: Pentium II/Pentium II Xeon/Celeron (331.71-MHz 686-class CPU)
Jun 10 03:06:51 router1 /kernel: %KERN-2-DEVFS: ready for devices
Jun 10 03:06:51 router1 /kernel: %KERN-2-DEVFS: ready to run
Jun 10 03:07:10 router1 snmpd[2722]: %DAEMON-2-SNMPD_TRAP_COLD_START: trap_generate_cold: SNMP trap: cold start
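
The match -2- filter is a pattern match on the whole line: it shows only severity 2, and it also passes any line that merely contains "-2-" somewhere in its text. The Python sketch below is an added example, not part of the original tip; it parses the explicit-priority field and selects every message at or above a chosen severity. The last three sample lines, their EXAMPLE_* tag names and the optional-tag handling are assumptions constructed for illustration.

```python
import re

# Syslog severity names by number; 0 is the most severe.
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "info", "debug"]

# timestamp, host, process, then the explicit priority %FACILITY-SEVERITY-TAG:
# (the -TAG part is treated as optional here, which is an assumption)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<proc>[^:]+):\s"
    r"%(?P<facility>[A-Z]+)-(?P<sev>[0-7])(?:-(?P<tag>\w+))?:\s*(?P<text>.*)$")

def parse(line):
    """Split one log line into fields; None if it carries no explicit priority."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["sev"] = int(fields["sev"])
    fields["severity_name"] = SEVERITY[fields["sev"]]
    return fields

def at_least(lines, threshold):
    """Parsed messages whose severity is `threshold` or more severe."""
    limit = SEVERITY.index(threshold)
    return [p for p in map(parse, lines) if p and p["sev"] <= limit]

SAMPLE = [
    # The first three lines are taken from the output shown on this page.
    "Mar 9 11:54:31 router1 login: %AUTH-6-LOGIN_INFORMATION: User ugo logged in from host on device ttyp1",
    "Jun 10 03:06:51 router1 /kernel: %KERN-2-DEVFS: ready for devices",
    "Jun 10 03:07:10 router1 snmpd[2722]: %DAEMON-2-SNMPD_TRAP_COLD_START: trap_generate_cold: SNMP trap: cold start",
    # Constructed: severity 6, but the text contains "-2-" so `match -2-` shows it.
    "Jun 10 03:08:00 router1 mgd[100]: %INTERACT-6-EXAMPLE_EVENT: user ran 'show log messages | match -2-'",
    # Constructed: severity 1 (alert), which `match -2-` does not show.
    "Jun 10 03:09:00 router1 chassisd[50]: %DAEMON-1-EXAMPLE_ALARM: constructed alert message",
    # Constructed: a line written without explicit-priority.
    "Jun 10 03:10:00 router1 sshd[200]: constructed message with no priority field",
]

if __name__ == "__main__":
    for msg in at_least(SAMPLE, "critical"):
        print(msg["ts"], msg["facility"], msg["severity_name"], msg["tag"])
```
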


The message string always reports the original, local facility. If a message belongs to a JUNOS-specific facility, the JUNOS system logging utility still uses an alternate facility for the message itself when directing messages to a remote machine.