Junos OS

Ask questions and share experiences about Junos OS.
  • 1.  Junos Syslog

    Posted 10-06-2016 16:54

    Hello, I need help with syslog in Junos.

     

    I need to separate some kinds of messages, which by default are logged in the file "messages", to another file. I could do it using regular expressions:

     

     

    set system syslog file snmp-auth any any
    set system syslog file snmp-auth match .*SNMPD_AUTH_FAILURE*
    

     

    So i get:

     

    admin@router1# run show log snmp-auth
    Oct 6 18:41:22 rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)
    Oct 6 18:44:45 rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)

    It's OK, it works. But I'm still seeing these messages in the "messages" file:

     

    admin@router1# run show log messages | match SNMPD_AUTH_FAILUR
    Oct  6 18:41:22  rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)
    Oct  6 18:44:45  rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)

    So, it does not work how I expected, because I don't want to see it repeated in "messages". In fact, what interests me most is that the messages file doesn't show some kinds of lines with info that I already know.

     

     

    The rest of config in syslog:

     

    set system syslog archive size 1M
    set system syslog archive files 5
    set system syslog user * any emergency
    set system syslog host xxx.xxx.xxx.xxx any info
    set system syslog host xxx.xxx.xxx.xxx facility-override local7
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system syslog file snmp-auth any any
    set system syslog file snmp-auth match .*SNMPD_AUTH_FAILURE*

    I'm working with an MX10, JUNOS Base OS Software Suite [12.3R4.6].

     

     

    Thanks!

    Marcelo.

     

     



  • 2.  RE: Junos Syslog
    Best Answer

     
    Posted 10-06-2016 18:17

    Hi Marcelo,

     

    You can use the setting below to block a specific log from a syslog.

     

    file messages {
        any notice;
        match "!(.*SNMPD_AUTH_FAILURE.*)";
    }

     

    BR,

    Anand
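
An added example, not part of the original posts and not Juniper code: a small Python model of the behaviour this thread describes, where every `file` destination is checked independently, so the dedicated file does not remove the line from `messages` until the negated match is added. The facility and severity values and the second sample line are constructed, and joining several patterns with `|` inside one negated match assumes the device's regex engine accepts alternation.

```python
import re

# Syslog severities, most severe first (lower index = more severe).
SEVERITIES = "emergency alert critical error warning notice info debug".split()

def severity_ok(msg_sev, configured):
    # Level "any" accepts everything; otherwise msg must be at least as severe.
    return configured == "any" or SEVERITIES.index(msg_sev) <= SEVERITIES.index(configured)

def match_ok(text, match):
    # Model of the match statement: a leading "!" negates the regex.
    if match is None:
        return True
    if match.startswith("!"):
        return re.search(match[1:], text) is None
    return re.search(match, text) is not None

def route(msg, destinations):
    # Every destination is evaluated on its own; none consumes the message.
    hits = []
    for name, dest in destinations.items():
        levels = dest["levels"]
        level = levels.get(msg["facility"], levels.get("any"))
        if (level and severity_ok(msg["severity"], level)
                and match_ok(msg["text"], dest.get("match"))):
            hits.append(name)
    return hits

def negated_match(patterns):
    # One negated match for "messages" covering every split-out pattern.
    return "!(" + "|".join(".*%s.*" % p for p in patterns) + ")"

# Destinations from the thread: the original config, then with the negation.
MSG_LEVELS = {"any": "notice", "authorization": "info"}
BEFORE = {
    "messages": {"levels": MSG_LEVELS},
    "snmp-auth": {"levels": {"any": "any"}, "match": ".*SNMPD_AUTH_FAILURE*"},
}
AFTER = dict(BEFORE, messages={"levels": MSG_LEVELS,
                               "match": negated_match(["SNMPD_AUTH_FAILURE"])})

# Constructed sample messages; facility and severity are assumed values.
SNMP = {"facility": "daemon", "severity": "notice",
        "text": "snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community"}
OTHER = {"facility": "daemon", "severity": "warning",
         "text": "exampled[1]: EXAMPLE_OTHER_EVENT: constructed line"}

if __name__ == "__main__":
    print("before:", route(SNMP, BEFORE), "after:", route(SNMP, AFTER))
```

The model leaves out the `host` destination from the original config; in this model it would be one more independent entry, unaffected by a match placed under `file messages`.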

     



  • 3.  RE: Junos Syslog

    Posted 10-06-2016 20:48

    Hello Anand,

     

    Good idea; I had considered this option. In this case I think that it could work, but I did not like it enough in general, because for each separate file that I need, I will have to put the !(reg-exp) in messages. However, I will do it like you suggest.

     

    On the other hand, I found that in a similar case on an EX3300, it was not necessary to add the !(..) statement in messages; I guess it is a different treatment between Junos versions.

     

    Thank you very much!