Hi karand,
Great, I guess that's what I need.
I configured all of that and don't see the traceoptions saved to the local system anymore, so I guess they are being sent to the host I specified.
Not sure if they are sent to the NMS server, how would I best check that?
And on the NMS server, I'm using LibreNMS at the moment and syslog-ng is running. What would I need to change in the syslog-ng.conf file to parse incoming traceoption logs to files? Because I don't see the files just being created.
I guess overriding traceoptions is not exactly the same as the standard syslogging in JunOS?
I believe there needs to be some sort of extra configuration to get this to work.
UPDATE:
The link you posted also contains this explanation:
"To collect traces, use the local0 facility as the selector in /etc/syslog.conf on the remote host. To separate traces from various processes into different files, include the process name or trace-file name if it is specified at the [edit process-name traceoptions file] hierarchy level, in the Program field in /etc/syslog.conf. If your syslog server supports parsing hostname and program name, then you can separate traces from the various processes."
On the NMS server, when I disable and enable a PPPoE client interface, I can see the standard syslog coming in, but not the overridden traceoptions.
[root@no-reverse-yet syslog-ng]# tcpdump host MXROUTER -i ens192 -v
tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
11:19:34.567689 IP (tos 0x0, ttl 62, id 25477, offset 0, flags [none], proto UDP (17), length 182)
    no-reverse-yet.comsave.nl.syslog > no-reverse-yet.comsave.nl.syslog: SYSLOG, length: 154
        Facility daemon (3), Severity info (6)
        Msg: Feb 13 11:18:46 ams-eq4-ar1-customs mib2d[2063]: MIB2D_DLL_UPDATE_MISMATCH: tunnel_delete: Invalid Update Type:IFL ifm_link:41 ifm_type:63 port_type:0
11:19:37.031165 IP (tos 0x0, ttl 62, id 25593, offset 0, flags [none], proto UDP (17), length 201)
    no-reverse-yet.comsave.nl.syslog > no-reverse-yet.comsave.nl.syslog: SYSLOG, length: 173
        Facility daemon (3), Severity error (3)
        Msg: Feb 13 11:18:49 ams-eq4-ar1-customs bbesmgd[2294]: SMD_PPP_RX_UNKNOWN_PACKET_PROTOCOL: bbe_if_ppp_input: Rx unknown packet protocol 0x8281 code 0x1 on ifl pp0.3221225593
11:19:37.134269 IP (tos 0x0, ttl 62, id 25619, offset 0, flags [none], proto UDP (17), length 177)
    no-reverse-yet.comsave.nl.syslog > no-reverse-yet.comsave.nl.syslog: SYSLOG, length: 149
        Facility daemon (3), Severity info (6)
        Msg: Feb 13 11:18:49 ams-eq4-ar1-customs rpd[2264]: krt unsolic client: Received IPv6 address fe80::564b:8cff:fe30:30c1 on ifl pp0.3221225593. Flag:0.
This is what I want to see:
Feb 13 08:46:42.674958 UserAccess:22723RB63@comsave.nl session-id:1125 state:logout-start ae1.demux0.2:2
Feb 13 08:46:42.977311 UserAccess:22723RB63@comsave.nl session-id:1125 state:log-out ae1.demux0.2:2 reason: ppp lcp-peer-terminate-term-req
Feb 13 08:46:58.976899 UserAccess:22723RB63@comsave.nl session-id:1126 state:start ae1.demux0.2:2
Feb 13 08:46:59.475858 UserAccess:22723RB63@comsave.nl session-id:1126 state:access-granted ae1.demux0.2:2
My configuration:
syslog {
    user * {
        any emergency;
    }
    host NMS {
        any any;
    }
    file messages {
        any any;
        inactive: authorization info;
        archive size 1m files 10;
    }
    file interactive-commands {
        interactive-commands any;
    }
    source-address MXROUTER;
}
tracing destination-override syslog host NMS
processes {
    general-authentication-service {
        traceoptions {
            file authd size 10m files 10;
            flag user-access;
            flag address-assignment;
        }
    }
}
Beelze
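
Added example, not part of the original post and not Juniper or syslog-ng code: a small Python decoder for the BSD-syslog PRI field that separates local0 messages (the facility the quoted documentation names for overridden traces) from the daemon-facility messages seen in the tcpdump, and derives a per-host, per-program file path. The sample datagrams are constructed; the `authd` program tag, the local0 line's content and the `/var/log/junos-trace` root are assumptions.

```python
import re

# Facility codes seen on this page: tcpdump shows daemon (3); the quoted
# Juniper text says overridden traces arrive as local0 (16).
FACILITIES = {3: "daemon", 16: "local0"}
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host program[pid]: message
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$",
    re.S)

def parse(datagram: bytes) -> dict:
    """Decode one UDP syslog payload into facility, severity, host, program."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = LINE.match(text)
    if not m or int(m["pri"]) > 191:
        raise ValueError("not a BSD-syslog message: %r" % text[:40])
    facility, severity = divmod(int(m["pri"]), 8)  # PRI = facility*8 + severity
    return {"facility": FACILITIES.get(facility, str(facility)),
            "severity": SEVERITIES[severity],
            "host": m["host"], "program": m["program"],
            "pid": m["pid"], "msg": m["msg"]}

def _safe(name: str) -> str:
    # host and program are sender-controlled on UDP: strip path separators
    return re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".") or "unknown"

def trace_file(rec: dict, root: str = "/var/log/junos-trace"):
    """Path a local0 (trace) record should land in; None for other facilities."""
    if rec["facility"] != "local0":
        return None
    return f"{root}/{_safe(rec['host'])}/{_safe(rec['program'])}.log"

# Constructed samples: the first mirrors the tcpdump above, the second is a
# made-up local0 line (program tag "authd" is assumed from the trace file name).
SAMPLES = [
    b"<30>Feb 13 11:18:46 ams-eq4-ar1-customs mib2d[2063]: MIB2D_DLL_UPDATE_MISMATCH",
    b"<134>Feb 13 08:46:42 ams-eq4-ar1-customs authd: UserAccess:user@example.net "
    b"session-id:1125 state:logout-start",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        rec = parse(raw)
        print(rec["facility"], rec["severity"], rec["program"], trace_file(rec))
```

If no datagram from the router ever decodes to local0, the traces are not reaching the NMS at all, which is a different problem from syslog-ng not writing them to files.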