[Junos] How to make a log file that records almost everything that happens in the device

Article ID: KB22588  KB Last Updated: 30 Dec 2011  Version: 1.0
Summary:
This article provides information on how to create a log file that records almost everything that happens in the device.

Important points:

  • It is important that this article is followed for efficient troubleshooting, both before and after a case has been logged with JTAC.

  • This article assumes that 'event mode' logging is used.

  • This article explains how to create a log file that contains everything that happens in the device, while being neither so populated that it becomes useless nor so under-populated that it has nothing to look at.
Symptoms:
  • At times, customers face a network issue and need relevant logs from the device to build a Root Cause Report (a network outage is the most common example, where the logs from the exact time of the issue are needed).

  • In such cases, the logs are often either too sparse or over-populated. Over-populated logs roll over many times before the JTAC engineer takes a look at the log files.

  • If the log file is too sparse, the logs will be insufficient for JTAC to dig out the relevant information.

  • The solution is to make a log file that includes every activity in the device, but excludes the activities that contribute to 90% of the logs.
Cause:

Solution:
Such a file can be created as follows (the match "!RT_" statement excludes the unnecessary traffic logs):

set system syslog file catch-all any any
set system syslog file catch-all match "!RT_"
set system syslog file catch-all archive size 1m
set system syslog file catch-all archive files 3

file catch-all {
   any any;
   match "!RT_";
   archive size 1m files 3;
}

Another file must be created to catch the traffic logs:

set system syslog file traffic-logs any any
set system syslog file traffic-logs match "RT_"
set system syslog file traffic-logs archive size 1m
set system syslog file traffic-logs archive files 3
set system syslog file traffic-logs structured-data

file traffic-logs {
   any any;
   match "RT_";
   archive size 1m files 3;
   structured-data;
}

  • The catch-all file contains all the 'just-useful' logs, leaving out the unnecessary traffic logs.

  • The task of catching the traffic logs is performed by the traffic-logs file.


This way you have two files at the same time: one dedicated to catching device activity and the other to logging traffic.

Note:

  • As soon as a network issue occurs, collect all the log files with the desired file name; here we have used catch-all.

  • The logs are stored in /var/log/. Collect the current log as soon as the issue happens, together with the archived logs.

The files will look like this:

file list /var/log/catch-all?
catch-all
catch-all.0.gz
catch-all.1.gz
catch-all.2.gz
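
Once the catch-all files have been copied off the device, the sketch below checks whether the retained window still covers the incident time and whether any RT_ traffic lines slipped past the match "!RT_" filter. It is an added example, not part of the original Juniper article; the function names are hypothetical, and it assumes the default Junos timestamp (which has no year, so the year is passed in) and that catch-all.0.gz is the most recent archive.

```python
import gzip, re
from datetime import datetime
from pathlib import Path

# Default Junos syslog timestamp, e.g. "Dec 30 10:15:42" (carries no year).
TS = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)")

def ordered_files(log_dir, name="catch-all"):
    """Oldest first: highest-numbered archive down to .0.gz, then the live file."""
    archives = sorted(Path(log_dir).glob(f"{name}.*.gz"),
                      key=lambda p: int(p.name.split(".")[-2]), reverse=True)
    live = Path(log_dir) / name
    return archives + ([live] if live.exists() else [])

def read_lines(path):
    opener = gzip.open if path.suffix == ".gz" else open
    with opener(path, "rt", errors="replace") as fh:
        return [line.rstrip("\n") for line in fh if line.strip()]

def stamp(line, year):
    m = TS.match(line)
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S") if m else None

def coverage(log_dir, incident, year, name="catch-all"):
    """Return (oldest, newest, covered, leaked) for the collected file set.
    covered: the incident time lies inside the retained window.
    leaked:  lines containing RT_, which match "!RT_" should have excluded."""
    lines = [l for f in ordered_files(log_dir, name) for l in read_lines(f)]
    times = [t for t in (stamp(l, year) for l in lines) if t]
    if not times:
        return None, None, False, []
    leaked = [l for l in lines if "RT_" in l]
    return times[0], times[-1], times[0] <= incident <= times[-1], leaked

def make_sample(log_dir):
    """Constructed sample data: three one-line files standing in for real logs."""
    d = Path(log_dir)
    with gzip.open(d / "catch-all.1.gz", "wt") as fh:
        fh.write("Dec 30 09:00:01 srx1 mgd[1201]: UI_COMMIT: User 'admin' requested 'commit' operation\n")
    with gzip.open(d / "catch-all.0.gz", "wt") as fh:
        fh.write("Dec 30 10:15:42 srx1 mib2d[1290]: SNMP_TRAP_LINK_DOWN: ifIndex 510, ifName ge-0/0/1\n")
    (d / "catch-all").write_text("Dec 30 11:30:07 srx1 sshd[2044]: Accepted password for admin from 192.0.2.10\n")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(coverage(tmp, datetime(2011, 12, 30, 10, 15, 0), 2011))
```

A covered value of False means the files had already rolled over past the incident time when they were collected.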