SRX Services Gateway

Help setting up logs for multiple terms under match

‎11-18-2014 04:00 PM

Hey guys,

 

I'm trying to set up a log on a policy to write multiple terms under the 'match' category.

 

For example, say I have the following lines in my configuration.

 

file policy_session {
    user info;
    match junos-http;
    archive size 1000k world-readable;
    structured-data;
}

 

I want to be able to log any string in the file that matches the terms 'junos-http' and 'policy-to-DMZ' 

 

That way, when I go to look at the log files, it will only show the strings with junos-http and policy-to-DMZ in them.

 

I'm under the impression (after doing some research) that I can do the following, but I'm not entirely sure it's correct:

 

file policy_session {
    user info;
    match 'junos-http.*policy-to-DMZ';
    archive size 1000k world-readable;
    structured-data;
}

 

 

Any insights are greatly appreciated.

 

-Dave

 

3 REPLIES 3

Re: Help setting up logs for multiple terms under match

‎11-18-2014 09:01 PM

I believe this will work. I did a small test as below.

 

Created 2 syslog files as below:

 

root@SRX# show system syslog
file messages {
    any any;
}
file syslogtest {
    any any;
    match "'root.*Commit'";
}

 

File messages logs everything and file syslogtest logs only lines with "root" and "Commit". The log entries are given below.

 

 

root@SRX> show log syslogtest
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)

 

Whereas the messages log contains a lot of logs:

 

root@SRX> show log messages | match commit | last 100   
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: finished copying juniper.db to juniper.data+
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: exporting juniper.conf
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: expanding interface-ranges
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: finished expanding interface-ranges
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: expanding groups
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: finished expanding groups
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: setup foreign files
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: update license counters
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: finish license counters
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: propagating foreign files
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: complete foreign files
Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: dropping unchanged foreign files
Nov 19 11:45:32  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: daemons checking new configuration
Nov 19 11:45:32  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: commit wrapup...

 

 

Thanks,

Suraj

 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

 


Re: Help setting up logs for multiple terms under match

‎11-19-2014 10:09 AM

Hey rsuraj,

 

First off, thank you for your prompt reply.  It looks like you're going along the right terms, but I'm still unable to get my logging working.

 

The two terms I need to match are "junos-http" and "policy-to-DMZ"

 

I'm guessing the fact that the terms contain the hyphen (-) symbol may be setting some other conditional I'm not aware of.  I opted for doing the literal command (as shown below), but still nothing is showing in my logs.  I know there is traffic flowing through, however, because my general log shows traffic that contains both of those terms.

 

file policy_session {
    user info;
    match "'junos\-http.*policy\-to\-DMZ'";
    archive size 1000k world-readable;
    structured-data;
}

 

Again, thank you for your time.

Solution
Accepted by topic author Avum_David
‎08-26-2015 01:27 AM

Re: Help setting up logs for multiple terms under match

‎11-19-2014 03:35 PM

I figured it out finally after trying different combinations.

 

I had to remove both the single and double quotation marks.  

 

The result is a line that looks like this:

 

file policy_session {
    user info;
    match junos-http.*policy-to-DMZ;
    archive size 1000k world-readable;
    structured-data;
}

 

In case anyone runs into this issue and wants to make logs even more specific for troubleshooting purposes, you can do so by adding the .* on to the matched terms.

 

I hope this is able to help anyone else having this issue.
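
The following is an added example, not part of the thread and not Juniper code. It uses Python's `re` as a stand-in for the device's regex engine (an assumption) and runs the thread's patterns over constructed sample lines, showing that the accepted pattern is order-sensitive, also hits `junos-https`, and that quote characters taken literally would match nothing. The names `matched` and `both_terms` are hypothetical helpers.

```python
import re

# Constructed sample lines (not taken from the thread), loosely shaped like
# SRX structured session logs; addresses are from documentation ranges.
LINES = [
    'RT_FLOW_SESSION_CREATE [service-name="junos-http" policy-name="policy-to-DMZ" source-address="192.0.2.10"]',
    'RT_FLOW_SESSION_CREATE [service-name="junos-https" policy-name="policy-to-DMZ" source-address="192.0.2.11"]',
    'RT_FLOW_SESSION_CREATE [service-name="junos-http" policy-name="policy-to-trust" source-address="192.0.2.12"]',
    # Hypothetical record with the policy name ahead of the service name.
    'RT_FLOW_SESSION_CLOSE [policy-name="policy-to-DMZ" service-name="junos-http" source-address="192.0.2.13"]',
]

def matched(pattern, lines=LINES):
    """Return indices of the lines the pattern matches anywhere (unanchored)."""
    rx = re.compile(pattern)
    return [i for i, line in enumerate(lines) if rx.search(line)]

def both_terms(a, b):
    """Build an order-independent 'a AND b' regex: a.*b or b.*a.
    Both terms are treated as literal strings, so they are escaped."""
    a, b = re.escape(a), re.escape(b)
    return f"({a}.*{b}|{b}.*{a})"

# Pattern from the accepted answer. A hyphen is literal outside [...],
# so it needs no backslash.
ACCEPTED = "junos-http.*policy-to-DMZ"

# Earlier attempt, assuming the single quotes reached the regex engine as
# literal characters (an assumption consistent with the thread's outcome).
QUOTED = "'junos-http.*policy-to-DMZ'"

# Tighter variant (assumption: field values are wrapped in double quotes,
# as in the constructed lines) so "junos-https" is no longer a hit.
EXACT = 'junos-http".*policy-to-DMZ"'

if __name__ == "__main__":
    print("accepted    :", matched(ACCEPTED))   # line 1 (junos-https) also matches
    print("quoted      :", matched(QUOTED))     # no line contains a single quote
    print("either order:", matched(both_terms("junos-http", "policy-to-DMZ")))
    print("exact       :", matched(EXACT))
```
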
