Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX]"cmd='ls -i /var/etc/filters/filter-define.conf'" log message generated every 30 seconds

0

0

Article ID: KB35284 KB Last Updated: 13 Dec 2019Version: 2.0
Summary:

This article explains the meaning of the cmd='ls -i /var/etc/filters/filter-define.conf' log message that is generated every 30 seconds on the virtual chassis of EX series switches and sent to customers' syslog servers, and indicates whether any action is required to resolve the log message.

Symptoms:

The following log messages are continuously generated and sent to the syslog server:

08/11/2019 09:45:50 <Switch hostname> Debug <Switch hostname>: rshd[41359]: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
08/11/2019 09:45:20 <Switch hostname> Debug <Switch hostname>: rshd[41356]: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
08/11/2019 09:44:49 <Switch hostname> Debug <Switch hostname>: rshd[41347]: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
08/11/2019 09:44:19 <Switch hostname> Debug <Switch hostname>: rshd[41344]: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
08/11/2019 09:43:49 <Switch hostname> Debug <Switch hostname>: rshd[41341]: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'
08/11/2019 09:43:20 <Switch hostname> Debug <Switch hostname>: rshd[41328]: root@re1 as root: cmd='ls -i /var/etc/filters/filter-define.conf'

Note: These log messages are not recorded on switches locally so we may not able to see them in any local logs.

Cause:

Under normal conditions, when graceful Routing Engine switchover (GRES) is enabled, the above message is seen periodically. It means that the backup RE is trying to check connectivity with the master RE every 30 seconds (in addition to the regular GRES keepalives). The message does not appear when GRES is not enabled.

The logging is done by the RSHD tool at a frequency of 30 seconds to make sure that the filter template between the master and the backup REs is in sync. The periodic task can be considered as an internal integrity check performed on the firewall filter configuration.

Note: The firewall filter configuration file is stored at /var/etc/filters/filter-define.conf.

Solution:

The log message is harmless and can safely be ignored. If required, the logging can be modified by changing the severity level for authorization from any to info as follows:

{MASTER}
User@EX-re0> show configuration system syslog host X.X.X.X    <===Syslog server address
any any;
authorization info;
user emergency;
interactive-commands any;
log-prefix <Switch hostname>;
source-address X.X.X.X;       <====Switch VC address

 
Modification History:

2019-12-13: Minor edit in Solution section

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search