Switching

I have port security enabled on my EX3200. When the MAC limit is reached messages are logged to the messages log as such:

eswd[893]: ESWD_MAC_LIMIT_BLOCK: MAC limit (1) exceeded at ge-0/0/37.0: shutting down the interface

I have setup the following:

host xxx.xxx.xxx.xxx {
    security error;
    user error;
    match ".*(ESWD_BPDU_BLOCK_ERROR_DISABLED|ESWD_MAC_LIMIT_BLOCK).*";

I have tested my Regex in a regex editor and it finds the lines without issue. How do I get these to actually send a message to my syslog server??

Hello,

You specified wrong facility for syslogging.

It should be "daemon" or "any", not "security" or "user":

aarseniev@abernathy> help syslog ESWD_BPDU_BLOCK_ERROR_DISABLED 
Name:          ESWD_BPDU_BLOCK_ERROR_DISABLED
Message:       <interface-name>: bpdu-block disabled port
Help:          Bpdu Block disabled an interface
Description:   This condition occurs when bpdu-block error condition is detected.
Type:          Error: An error occurred
Severity:      alert
Facility:      LOG_DAEMON

{master:0}
aarseniev@abernathy> help syslog ESWD_MAC_LIMIT_BLOCK              
Name:          ESWD_MAC_LIMIT_BLOCK
Message:       MAC limit (<limit>) exceeded at <interface-name>: shutting down the interface
Help:          Data traffic on interface was halted because the number of MAC addresses learned on
               the interface exceeded the user-configured limit.
Description:   Interface was blocked because the number of MAC addresses learned on an interface
               has exceeded the user configured limit.
Type:          Error: An error occurred
Severity:      alert
Facility:      LOG_DAEMON

HTH

Rgds

Alex

Thanks aarseniev. I had no idea you could get that information from the help system. I'm still learning these Juniper switches so thanks a lot!!!