Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX/PTX] "cmd='ls -i /var/etc/filters/filter-define.conf'" log message generated every 30 seconds

0

0

Article ID: KB33173 KB Last Updated: 05 Apr 2021Version: 2.0
Summary:

This article explains the meaning of the cmd='ls -i /var/etc/filters/filter-define.conf' log message that is generated every 30 seconds on MX and PTX series devices, and indicates whether any action is required.

Symptoms:

The following log messages are generated:

*** messages ***
Sep 20 18:51:52.530 2018  mx-re0 rshd[xxxxx]: %AUTH-7: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
Sep 20 18:52:22.615 2018  mx-re0 rshd[xxxxx]: %AUTH-7: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
Sep 20 18:52:52.747 2018  mx-re0 rshd[xxxxx]: %AUTH-7: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
Sep 20 18:53:22.778 2018  mx-re0 rshd[xxxxx]: %AUTH-7: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
Sep 20 18:53:52.814 2018  mx-re0 rshd[xxxxx]: %AUTH-7: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
Sep 20 18:54:22.849 2018  mx-re0 rshd[xxxxx]: %AUTH-7: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
Sep 20 18:54:52.974 2018  mx-re0 rshd[xxxxx]: %AUTH-7: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
Sep 20 18:55:23.006 2018  mx-re0 rshd[xxxxx]: %AUTH-7: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'

 

Cause:

Under normal conditions, when graceful Routing Engine switchover (GRES) is enabled, the above message is seen periodically. It means that the backup Routing Engine (RE) is trying to check connectivity with the primary RE every 30 seconds (in addition to the regular GRES keepalives). The message does not appear when GRES is not enabled.

The logging is done by the RSHD tool at a frequency of 30 seconds to make sure that the filter template between the primary and the backup RE is in sync. The periodic task can be considered as an internal integrity check performed on the firewall filter configuration.

Note: The firewall filter configuration file is stored at /var/etc/filters/filter-define.conf.

Solution:

The log message is harmless and can safely be ignored. If required, the logging can be modified by changing the severity level for authorization from any to info as follows:

{MASTER}

User@mx-re0> show configuration system syslog file messages
any any;
authorization info;
explicit-priority;
Modification History:

2021-04-05: Updated the article terminology to align with Juniper's Inclusion & Diversity initiatives

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search