Including the Facility and Severity in Messages

Problem

Your system logfiles contain lots of messages, and you want to use the severity levels to distinguish the important ones from the informational ones.

Solution

Include the severity level in each logging message:

[edit system syslog file messages] aviva@router1# set explicit-priority

 

Discussion

When you configure each system logfile and include the explicitly-priority statement, all system log messages contain the priority, which is a combination of the facility and severity level. The following example highlights the priority for messages in the logfile.

aviva@router1> show log messages | match "Mar 9 11:5" Mar 9 11:54:31 router1 login: % AUTH-6-LOGIN_INFORMATION: User aviva logged in from host 172.17.28.19 on device ttyp1 Mar 9 11:54:34 router1 mgd[29108]: % INTERACT-5-UI_DBASE_LOGIN_EVENT: User 'aviva' entering configuration mode Mar 9 11:56:13 router1 mgd[29108]: %INTERACT-5-UI_DBASE_LOGOUT_EVENT: User 'aviva' exiting configuration mode Mar 9 11:57:52 router1 mgd[28332]: %INTERACT-5-UI_DBASE_LOGOUT_EVENT: User 'aviva' exiting configuration mode

In the first message the priority is %AUTH-6, which indicates that this message was generated by the authorization facility. The severity is 6, so you know that it's an informational message. The remaining three messages have a priority of %INTERACT-5, so they come from the interactive commands facility and have a severity of 5, or notice.

You could also match on a specific priority of interest. Here we show only critical messages (severity of 2):

aviva@router1> show log messages | match -2- Jun 10 03:06:51 router1 /kernel: %KERN-2-CPU: Pentium II/Pentium II Xeon/Celer on (331.71-MHz 686-class CPU) Jun 10 03:06:51 router1 /kernel: %KERN-2-DEVFS: ready for devices Jun 10 03:06:51 router1 /kernel: %KERN-2-DEVFS: ready to run Jun 10 03:07:10 router1 snmpd[2722]: %DAEMON-2-SNMPD_TRAP_COLD_START: trap_gen erate_cold: SNMP trap: cold start

The message string always reports the original, local facility. If a message belongs to a JUNOS-specific facility, the JUNOS system logging utility still uses an alternate facility for the message itself when directing messages to a remote machine.

Категории