Routing
Highlighted
Routing

logfile turned over due to -F request and events logged

‎11-11-2018 11:21 PM

> show log messages
Nov 10 09:50:27 MOZZAZ_SRX340 newsyslog[93146]: logfile turned over due to -F request

No logs are find in the log messages,and URL access logs also not working

 

 

 

5 REPLIES 5
Routing

Re: logfile turned over due to -F request and events logged

‎11-12-2018 12:16 AM

There can be many reasons for this.

 

Please start by providing configuration snippets for 'show configuration security log' and 'show configuration system syslog'.

 

My guess is that you have enabled stream logging or haven't defined a syslog statement for local traffic flow logging. Please also remember to include log statement on relevant security policies.


--
Best regards,

Jonas Hauge Jensen
Systems Engineer, SEC DATACOM A/S (Denmark)
Routing

Re: logfile turned over due to -F request and events logged

‎11-12-2018 12:31 AM
@MOZZAZ_SRX340> show configuration security log mode event; MOZZAZ_SRX340# run show configuration system syslog archive size 100k files 3; user * { any emergency; } file interactive-commands { interactive-commands any; } file LogsWeb { any any; archive size 1024000000 files 1; structured-data; } file Logs { any any; archive size 1024000000 files 1; structured-data; }
Routing

Re: logfile turned over due to -F request and events logged

‎11-12-2018 02:46 AM

can you confirm that you have "permit log session-init" and/or "permit og session-close" on your security policies?

 

at the same, please provide output of 'file list /var/log/'.

what if you do 'show log LogWeb' - are any data shown?


--
Best regards,

Jonas Hauge Jensen
Systems Engineer, SEC DATACOM A/S (Denmark)
Routing

Re: logfile turned over due to -F request and events logged

‎11-12-2018 03:38 AM

"permit log session-init" and/or "permit og session-close---Yes Its configured in policies

 

@MOZZAZ_SRX340> file list /var/log/

/var/log/:
Logs
Logs.0.gz
Logs.1.gz
Logs.2.gz
LogsWeb
__jsrpd_commit_check__
aamwd_chk_only
appidd
authd_libstats
authd_profilelib
authd_sdb.log
autod
bin_messages
chassisd
cosd
cscript.log
da_cs_log_clt_6_0
da_cs_log_dummy
da_cs_log_svr_6_0
dcd
dcd_commit_check
debug_wmid.1
dfwc
eccd
ext/
flowc/
fpc_poweron_seq.log
fwauthd_chk_only
ggsn/
gres-tp
group_db.log
httpd.log
idpd_err
idpinfo_err
install
interactive-commands
interactive-commands.0.gz
interactive-commands.1.gz
interactive-commands.2.gz
inventory
ipfd
ipfd_chk_only
jam_chassisd
jam_cosd
jam_dcd
jam_dfwd
jam_l2ald
jam_tnp.bootpd
jdhcpd_era_discover.log
jdhcpd_era_discover.log.0
jdhcpd_era_discover.log.1
jdhcpd_era_discover.log.2
jdhcpd_era_discover.log.3
jdhcpd_era_solicit.log
jdhcpd_era_solicit.log.0
jdhcpd_era_solicit.log.1
jdhcpd_era_solicit.log.2
jdhcpd_era_solicit.log.3
jdhcpd_era_v4_blq.log
jdhcpd_era_v4_blq.log.0
jdhcpd_era_v4_blq.log.1
jdhcpd_era_v4_blq.log.2
jdhcpd_era_v4_blq.log.3
jdhcpd_era_v6_blq.log
jdhcpd_era_v6_blq.log.0
jdhcpd_era_v6_blq.log.1
jdhcpd_era_v6_blq.log.2
jdhcpd_era_v6_blq.log.3
jdhcpd_sdb.log
jnud
jsrpd
kmd
license
license_subs_trace.log
mastership
messages
messages.0.gz
messages.1.gz
messages.2.gz
messages.3.gz
nginx.log
nsd
nsd_chk_only
nstraced
nstraced_chk_only
op-script.log
pcre_db.log
pfed_jdhcpd_trace.log
rexp_db.log
rtlog_file
rtlogd
snapshot
userid_chk_only
utmd-av
vital/
wtmp
wtmp.0.gz
wtmp.1.gz

@MOZZAZ_SRX340> show log LogWeb
error: could not resolve file: LogWeb

Routing

Re: logfile turned over due to -F request and events logged

‎11-12-2018 04:27 AM

i made a typo - should have been 'show log LogsWeb'... overall it looks right logfiles are being created and rotated.

 

You have to know that only a subset of logs will go into /var/log/messages. I suggest that you read a bit regarding syslog and srx: https://kb.juniper.net/InfoCenter/index?page=content&id=kb16502

 

For further analyze can you please go into the system shell and do a 'ls -al /var/log' to see when files last were changed.


--
Best regards,

Jonas Hauge Jensen
Systems Engineer, SEC DATACOM A/S (Denmark)