SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Help setting up logs for multiple terms under match

    Posted 11-18-2014 16:01

    Hey guys,

     

    I'm trying to set up a log on a policy to write multiple terms under the 'match' category.

     

    For example, say I have the following lines in my configuration.

     

    file policy_session {
        user info;
        match junos-http;
        archive size 1000k world-readable;
        structured-data;
    }

     

    I want to be able to log any string in the file that matches the terms 'junos-http' and 'policy-to-DMZ' 

     

    That way, when I go to look at the log files, it will only show the strings with junos-http and policy-to-DMZ in them.

     

    I'm under the impression (after doing some research) that I can do the following, but I'm not entirely sure it's correct:

     

    file policy_session {
        user info;
        match 'junos-http.*policy-to-DMZ';
        archive size 1000k world-readable;
        structured-data;
    }

     

     

    Any insights are greatly appreciated.

     

    -Dave

     



  • 2.  RE: Help setting up logs for multiple terms under match

     
    Posted 11-18-2014 21:02

    I believe this will work. I did a small test as below.

     

    created 2 syslog files as below

     

    root@SRX# show system syslog
    file messages {
        any any;
    }
    file syslogtest {
        any any;
        match "'root.*Commit'";
    }

     

    File messages logs everything and file syslogtest logs only lines with "root" and "Commit"; the log entries are given below.

     

     

    root@SRX> show log syslogtest
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)

     

    Whereas the messages log contains a lot of entries:

     

    root@SRX> show log messages | match commit | last 100   
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: finished copying juniper.db to juniper.data+
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: exporting juniper.conf
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: expanding interface-ranges
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: finished expanding interface-ranges
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: expanding groups
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: finished expanding groups
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: setup foreign files
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: update license counters
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: finish license counters
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: propagating foreign files
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: complete foreign files
    Nov 19 11:45:31  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: dropping unchanged foreign files
    Nov 19 11:45:32  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: daemons checking new configuration
    Nov 19 11:45:32  SRX210Hm-7 mgd[5837]: UI_COMMIT_PROGRESS: Commit operation in progress: commit wrapup...

     

     

    Thanks,

    Suraj

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

     



  • 3.  RE: Help setting up logs for multiple terms under match

    Posted 11-19-2014 10:10

    Hey rsuraj,

     

    First off, thank you for your prompt reply.  It looks like you're going along the right terms, but I'm still unable to get my logging working.

     

    The two terms I need to match are "junos-http" and "policy-to-DMZ"

     

    I'm guessing the fact that the terms contain the hyphen (-) symbol may be setting some other conditional I'm not aware of.  I opted for doing the literal command (as shown below), but still nothing is showing in my logs.  I know there is traffic flowing through, however, because my general log shows traffic that contains both of those terms.

     

    file policy_session {
        user info;
        match "'junos\-http.*policy\-to\-DMZ'";
        archive size 1000k world-readable;
        structured-data;
    }

     

    Again, thank you for your time.



  • 4.  RE: Help setting up logs for multiple terms under match
    Best Answer

    Posted 11-19-2014 15:36

    I figured it out finally after trying different combinations.

     

    I had to remove both the single and double quotation marks.  

     

    The result is a line that looks like this:

     

    file policy_session {
        user info;
        match junos-http.*policy-to-DMZ;
        archive size 1000k world-readable;
        structured-data;
    }

     

    In case anyone runs into this issue and wants to make logs even more specific for troubleshooting purposes, you can do so by adding the .* on to the matched terms.

     

    I hope this is able to help anyone else having this issue.
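A small script to check what the regex forms discussed in this thread actually select, before committing them on a firewall. This is an added example and not code from any of the posters or from Juniper; the log lines it runs over are constructed for the example and only follow the general layout of SRX RT_FLOW session messages (application name before policy name). Python's `re` engine is used as a stand-in for the device's POSIX matcher, so the patterns are kept to constructs both engines treat the same way (literals, `.`, `*`, `|`); `\b`, `\s` and POSIX bracket classes are deliberately avoided. The script shows four things: the unquoted, unanchored pattern from the Best Answer also catches `junos-https`, because `junos-http` is a substring of it; the form with inner single quotes from post 3 cannot match, because those quotes are literal characters in the pattern and no session line contains `'junos-http'`; a trailing space after each term fixes the substring problem without needing the hyphen escaped (a hyphen is only special inside `[...]`); and an alternation makes the pattern indifferent to the order of the two terms. The hypothetical `unordered` line 4 and the assumption that Junos would accept the space-containing patterns inside double quotes (the CLI's own string delimiter, not part of the pattern) are both this example's, not the thread's; verify the quoting on your release.

```python
import re

# Constructed sample lines (made up for this example, not taken from the thread's
# device). Lines 1-3 follow the general layout of SRX RT_FLOW session messages:
# ... <application> ... <policy-name> <from-zone> <to-zone> ...
SAMPLE_LOGS = [
    # 1: junos-http via policy-to-DMZ -- the kind of line the thread wants to keep
    "Nov 19 11:50:01 SRX210 RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
    "10.0.1.5/51234->192.0.2.10/80 junos-http 10.0.1.5/51234->192.0.2.10/80 "
    "None None 6 policy-to-DMZ trust DMZ 1234 N/A(N/A) ge-0/0/0.0",
    # 2: junos-https via the same policy; "junos-http" is a substring of "junos-https"
    "Nov 19 11:50:02 SRX210 RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
    "10.0.1.6/51235->192.0.2.11/443 junos-https 10.0.1.6/51235->192.0.2.11/443 "
    "None None 6 policy-to-DMZ trust DMZ 1235 N/A(N/A) ge-0/0/0.0",
    # 3: junos-http via a different policy
    "Nov 19 11:50:03 SRX210 RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
    "10.0.1.7/51236->198.51.100.5/80 junos-http 10.0.1.7/51236->198.51.100.5/80 "
    "None None 6 policy-to-internet trust untrust 1236 N/A(N/A) ge-0/0/0.0",
    # 4: hypothetical message with both terms in the opposite order
    "Nov 19 11:50:04 SRX210 RT_FLOW: policy-to-DMZ hit for application junos-http "
    "from 10.0.1.8",
    # 5: unrelated management message (same shape as the UI_COMMIT line in post 2)
    "Nov 19 11:50:05 SRX210 mgd[5837]: UI_COMMIT: User 'root' requested "
    "'commit' operation (comment: none)",
]

PATTERNS = {
    # What the Best Answer settled on: unquoted, ordered, unanchored.
    #   Junos: match junos-http.*policy-to-DMZ;
    "ordered": r"junos-http.*policy-to-DMZ",
    # The form from post 3. The single quotes are literal characters of the
    # regex, so it can only match a line that contains 'junos-http' in quotes.
    #   Junos: match "'junos\-http.*policy\-to\-DMZ'";
    "quoted": r"'junos\-http.*policy\-to\-DMZ'",
    # A trailing space after each term keeps junos-https from matching as
    # junos-http. The hyphen needs no escaping outside a bracket expression.
    #   Junos (assumed quoting): match "junos-http .*policy-to-DMZ ";
    "exact": r"junos-http .*policy-to-DMZ ",
    # Alternation makes the order of the two terms irrelevant.
    #   Junos (assumed quoting): match "junos-http .*policy-to-DMZ |policy-to-DMZ .*junos-http ";
    "unordered": r"junos-http .*policy-to-DMZ |policy-to-DMZ .*junos-http ",
}


def junos_match(pattern, lines):
    """Emulate a Junos syslog `match` regex: keep every line the pattern matches
    anywhere. Returns the 0-based indices of the lines that would be written to
    the file."""
    rx = re.compile(pattern)
    return [i for i, line in enumerate(lines) if rx.search(line)]


def run_all(lines=SAMPLE_LOGS):
    """Apply every candidate pattern to the sample log and report which lines survive."""
    return {name: junos_match(p, lines) for name, p in PATTERNS.items()}


if __name__ == "__main__":
    for name, hits in run_all().items():
        print(f"{name:10s} -> lines {[i + 1 for i in hits]}")
```

The `ordered` pattern keeps lines 1 and 2, `quoted` keeps nothing, `exact` keeps only line 1, and `unordered` keeps lines 1 and 4. One unrelated point worth checking in the thread's config while you are there: `archive ... world-readable` makes the archived session log readable by every local account on the device, and those lines carry internal addresses and policy names, so leave that flag out unless something actually needs it.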