Junos¶
In general, the structure of the syslog messages generated by Junos has the following format:
<PRI><datetime> <hostname> <process-name>[<process-id>]: <syslog-tag>: <MSG>
Where:
datetime
: The time when the message was generated in the format:MMM dd hh:mm:ss
.hostname
: The device that generated the message.process-name
: The name of the process that generated the mesage.process-id
The PID of the process that generated the message.syslog-tag
: The Junos tag of the syslog message. To see all the possible tags, executehelp syslog ?
.
Examples:
<25>Jun 21 14:03:12 vmx01 eswd[2902]: ESWD_BPDU_BLOCK_ERROR_DISABLED: ge-0/0/17.0: bpdu-block disabled port
<87>Jul 5 05:52:44 vmx01 rpd[1848]: bgp_read_message:2764: NOTIFICATION received from 1.2.3.4 (External AS 1234): code 6 (Cease) subcode 5 (Connection Rejected)
PRI¶
Junos defines the following facilities, based on the standard PRI:
Numerical code | Standard keyword | Junos facility name | Description |
---|---|---|---|
0 | kern | LOG_KERN | Actions performed or errors encountered by the Junos kernel |
1 | user | LOG_USER | Actions performed or errors encountered by user-space processes |
3 | daemon | LOG_DAEMON | Actions performed or errors
encountered by system processes
|
4 | auth | LOG_AUTH | Authentication and authorization
attempts
|
5 | syslog | LOG_SYSLOG | Actions performed or errors
encountered by the Junos system
logging utility
|
7 | news | LOG_NEWS | Network news subsystem
|
10 | authpriv | LOG_AUTHPRIV | Authentication and authorization
attempts that can be viewed by
superusers only
|
11 | ftp | LOG_FTP | Actions performed or errors
encountered by the FTP process
|
12 | ntp | LOG_NTP | Actions performed or errors
encountered by the Network
Time Protocol (NTP)
|
15 | cron | LOG_CRON | Actions performed or errors
encountered by the cron process
|
To see the messages that are under a specific facility, Junos allows you to
check that using the following command: help syslog facility <junos facility name>
,
e.g., help syslog facility LOG_USER
.