[Junos] How to change the severity level of a specific syslog message

  [KB26581]


Summary:
This article explains how to make the SNMP_TRAP_LINK_UP syslog message appear with the default syslog configuration. It introduces a new feature, priority-override under the event-options hierarchy level, that enables this.
Symptoms:
By default, in Junos, the severity level for all facilities is notice, except for the authorization facility, which is info:
file messages {
    any notice;
    authorization info;
}
As a result, log messages whose severity level is lower than notice are not shown (except for the authorization facility). You can change the severity from any notice to any info or any debug, but because this changes the severity level per facility, you will then see a lot of unnecessary info or debug level syslog messages.

For example, in the default configuration you can see the SNMP_TRAP_LINK_DOWN message but not the SNMP_TRAP_LINK_UP message, because the severity level of SNMP_TRAP_LINK_DOWN is warning, whereas that of SNMP_TRAP_LINK_UP is info.

You can change the severity of the daemon facility to info to enable SNMP_TRAP_LINK_UP, but you will then see a lot of unnecessary info level syslog messages from the daemon facility.
Cause:
  • Before Junos 12.1, only changing the severity level per facility was supported.

  • From Junos 12.1, changing the severity level for a specific syslog message is supported.
Solution:
Before Junos 12.1, use the following workaround:
 
  1. When you log messages to the HDD or Flash memory, dedicate one or more log files to the link up/down messages.
    file messages {
        any notice;
        authorization info;
        explicit-priority;
    }
    file interface_status {
        daemon info;
        explicit-priority;
        match "(SNMP_TRAP_LINK_UP|SNMP_TRAP_LINK_DOWN)";
    }
  2. When you log messages to the syslog server, configure two IP addresses for the syslog server (in this example, 10.0.0.1 and 10.0.0.2):
    host 10.0.0.1 {
        any notice;
        authorization info;
        explicit-priority;
    }
    host 10.0.0.2 {
        daemon info;
        explicit-priority;
        match "(SNMP_TRAP_LINK_UP)|(SNMP_TRAP_LINK_DOWN)";
    }
    
From Junos 12.1, you can change the facility and severity level:

For both the syslog file and the syslog server, you can use the priority-override feature under the event-options hierarchy to change the severity of a specific syslog message:
event-options {
    policy test {
        events SNMP_TRAP_LINK_UP;
        then {
            priority-override {
                facility daemon;
                severity notice;
            }
        }
    }
}
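
The filtering behaviour described in this article, modelled in Python as an added example (not Juniper code and not part of the original article). The sample messages, the EXAMPLE_OTHER_EVENT name, and the rule that a facility-specific selector is consulted before "any" are assumptions made for illustration:

```python
import re

# Syslog severity names; a lower number is more severe.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed sample messages: (facility, severity, text). Only the facility and
# severity of the two SNMP_TRAP_LINK_* events come from the article; the third
# event name and all message bodies are made up.
SAMPLE = [
    ("daemon", "warning", "SNMP_TRAP_LINK_DOWN: ifName ge-0/0/1"),
    ("daemon", "info", "SNMP_TRAP_LINK_UP: ifName ge-0/0/1"),
    ("daemon", "info", "EXAMPLE_OTHER_EVENT: unrelated daemon chatter"),
]

def accepts(selectors, match, facility, severity, text):
    """Model of one file/host stanza: facility/severity filter, then match regex."""
    # Simplification (assumption): a facility-specific selector is used before "any".
    threshold = selectors.get(facility, selectors.get("any"))
    if threshold is None or SEVERITY[severity] > SEVERITY[threshold]:
        return False
    return match is None or re.search(match, text) is not None

def priority_override(messages, event, facility, severity):
    """Model of event-options priority-override applied to one event ID."""
    return [(facility, severity, t) if t.startswith(event + ":") else (f, s, t)
            for f, s, t in messages]

def logged(selectors, match, messages):
    """Event IDs that the stanza would write, in input order."""
    return [t.split(":")[0] for f, s, t in messages
            if accepts(selectors, match, f, s, t)]

DEFAULT = {"any": "notice", "authorization": "info"}   # file messages
LINK_RE = r"(SNMP_TRAP_LINK_UP|SNMP_TRAP_LINK_DOWN)"    # file interface_status

if __name__ == "__main__":
    print("default messages file: ", logged(DEFAULT, None, SAMPLE))
    print("daemon raised to info: ", logged({**DEFAULT, "daemon": "info"}, None, SAMPLE))
    print("interface_status file: ", logged({"daemon": "info"}, LINK_RE, SAMPLE))
    fixed = priority_override(SAMPLE, "SNMP_TRAP_LINK_UP", "daemon", "notice")
    print("with priority-override:", logged(DEFAULT, None, fixed))
```

The same `accepts` check can be run over real log lines to confirm that a match expression catches the intended events before it is committed to the device.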
Modification History:
2018-04-21: corrected match "(SNMP_TRAP_LINK_UP)|(SNMP_TRAP_LINK_DOWN)" syntax.