
Junos Syslog

‎10-06-2016 04:54 PM

Hello, I need help with syslog in Junos.

 

I need to separate some kinds of messages, which by default are logged in the file "messages", into another file. I could do it using regular expressions:

 

 

set system syslog file snmp-auth any any
set system syslog file snmp-auth match .*SNMPD_AUTH_FAILURE*

 

So i get:

 

admin@router1# run show log snmp-auth 
Oct 6 18:41:22 rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)
Oct 6 18:44:45 rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)

It's OK, it works. But I'm still seeing these messages in the "messages" file:

 

admin@router1# run show log messages | match SNMPD_AUTH_FAILUR
Oct  6 18:41:22  rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)
Oct  6 18:44:45  rnoc10 snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (public)

So, it does not work how I expected, because I don't want to see it repeated in "messages". In fact, what interests me most is that the messages file doesn't show some kinds of lines with info that I already know.

 

 

The rest of the syslog config:

 

set system syslog archive size 1M
set system syslog archive files 5
set system syslog user * any emergency
set system syslog host xxx.xxx.xxx.xxx any info
set system syslog host xxx.xxx.xxx.xxx facility-override local7
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file snmp-auth any any
set system syslog file snmp-auth match .*SNMPD_AUTH_FAILURE*

I'm working with an MX10, JUNOS Base OS Software Suite [12.3R4.6].

 

 

Thanks!

Marcelo.

 

 

Solution
Accepted by topic author Marcelo Cancer
‎10-06-2016 08:48 PM

Re: Junos Syslog

‎10-06-2016 06:16 PM

Hi Marcelo,

 

You can use the setting below to block a specific log from a syslog file.

 

file messages {
    any notice;
    match "!(.*SNMPD_AUTH_FAILURE.*)";
}

 

BR,

Anand
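
Added example, not part of the original posts and not Juniper code: a simplified Python model of the behaviour in this thread, where each syslog file applies its own severity level and match expression independently, so a line is stored in every file that accepts it. It assumes Python's `re` behaves like the Junos match syntax for these patterns, models only the `any` facility, and uses constructed log lines; `lost()` is a hypothetical helper that checks an exclusion does not leave a line stored in no file at all.

```python
import re

# Syslog severities, lower = more severe; "any" is modelled as "accept everything".
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "any": 7}

def accepts(dest, severity, text):
    """A file keeps a line if its severity passes and the match expression agrees."""
    if SEVERITY[severity] > SEVERITY[dest["level"]]:
        return False
    pattern = dest.get("match")
    if pattern is None:
        return True
    negate = pattern.startswith("!")  # leading "!" inverts the match, as in the answer
    body = pattern[1:] if negate else pattern
    return (re.search(body, text) is not None) != negate

def route(config, lines):
    """Evaluate every file independently, so one line can land in several files."""
    out = {name: [] for name in config}
    for severity, text in lines:
        for name, dest in config.items():
            if accepts(dest, severity, text):
                out[name].append(text)
    return out

def lost(config, lines):
    """Lines that no file keeps: check this before committing an exclusion."""
    kept = {t for texts in route(config, lines).values() for t in texts}
    return [t for _, t in lines if t not in kept]

# Constructed sample lines (documentation addresses, assumed severities).
LINES = [
    ("notice", "snmpd[1366]: SNMPD_AUTH_FAILURE: nsa_log_community: "
               "unauthorized SNMP community from 192.0.2.10 to 192.0.2.1 (public)"),
    ("notice", "mgd[2001]: constructed commit notice line"),
    ("warning", "kernel: constructed warning line"),
]
ORIGINAL = {  # as in the question: no match on "messages"
    "messages": {"level": "notice"},
    "snmp-auth": {"level": "any", "match": ".*SNMPD_AUTH_FAILURE*"},
}
FIXED = {  # with the accepted answer's negated match on "messages"
    "messages": {"level": "notice", "match": "!(.*SNMPD_AUTH_FAILURE.*)"},
    "snmp-auth": {"level": "any", "match": ".*SNMPD_AUTH_FAILURE*"},
}
if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, {f: len(v) for f, v in route(cfg, LINES).items()}, lost(cfg, LINES))
```

Removing the `snmp-auth` entry from `FIXED` makes `lost()` return the SNMP failure line, which is the case to catch when a line is excluded from `messages`.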

 


Re: Junos Syslog

‎10-06-2016 08:48 PM

Hello Anand,

 

Good idea; I had considered this option. In this case I think that could work, but I did not like it enough in general, because for each separate file that I need, I will have to put the !(reg-exp) in messages. However, I will do it like you suggest.

 

On the other hand, I found that in a similar case on an EX3300, it was not necessary to add the !(..) statement in messages; I guess it is a different treatment between Junos versions.

 

Thank you very much!
