Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Syslog message format in Junos OS Evolved

0

0

Article ID: KB37088 KB Last Updated: 18 Oct 2021Version: 1.0
Summary:
This article explains the syslog message format used in Junos OS Evolved 
Symptoms:
Scenario: An engineer or administrator needs to integrate a newly acquired Junos OS Evolved device into an existing monitoring systems.

Below is a classic Junos syslog message example from an MX480 with the hostname test-mx480.
 
labroot@test-mx480> show log messages
Dec 19 13:22:41.959  test-mx480 chassisd[5290]: CHASSISD_IFDEV_DETACH_FPC: ifdev_detach_fpc(0)
Dec 19 13:23:22.900  test-mx480 fpc2 Ukern event counter Sock_tx init delayed
 
The Junos eventd daemon does not print the origin process in the syslog messages coming from fpc. The fpc id is used to indicate the source of syslog message.
Syslog messages, like the sample shown above, are collected from the whole network. Usually, the hostname in the syslog message is used as the only distinguisher at the collector.

The following syslog message snippet is from a PTX10008 running Junos OS Evolved (20.4R2-EVO). Junos OS Evolved always prints the process name in the syslog messages coming from nodes.

labroot@test-ptx10008-re0> show log messages
May 25 18:41:05.375  test-ptx10008-re0 mgd[16201]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/dot1xd', PID 21322, status 0
May 25 18:42:34.632  test-ptx10008-fpc0 evo-cda-bt[14299]: Register bt.igp_misc.debug.hdr_length_cnt not found
May 25 18:42:34.753  test-ptx10008-fpc1 evo-cda-bt[14427]: HBM: hbm_gf_register_inst
May 25 18:47:14.498  test-ptx10008-re0 ehmd[5598]: SYSTEM_APP_READY: App is ready re0-ehmd

The difference between Junos and Junos OS Evolved is that the latter, by default, appends the node name to the hostname. This is done to keep Junos OS Evolved syslog messages compliant with RFC5424.  However, such implementation may introduce some challenges to the existing monitoring systems. If the hostname in the syslog message does not match any from inventory of hostnames, the syslog message may not be identified correctly.
Solution:
A new command knob 'alternate-format' has been added in Junos OS Evolved 20.4R2-EVO to overcome the described problem.

labroot@test-ptx10008-re0# set system syslog ?
Possible completions:
  allow-duplicates     Do not suppress the repeated message for all targets
  alternate-format     Append node name with daemon name instead of hostname(default) in the log entries
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> archive              Archive file information
...

Below is a syslog message snippet with the "alternate-format" knob configured. The node name is prepended to the process name and the rest is the message. With this configuration Junos OS Evolved syslog messages are distinguished by the hostname in the syslog message at the collector as it is done with the Junos syslog messages.
 
labroot@test-ptx10008-re0> show log messages
May 27 16:25:28.695  test-ptx10008 re0-mgd[3876]: UI_DBASE_LOGOUT_EVENT: User 'labroot' exiting configuration mode
May 27 16:25:28.439  test-ptx10008 re1-systemd-logind[7682]: Removed session c16.
May 27 16:26:17.080  test-ptx10008 fpc0-evo-cda-bt[14300]: [Warn] CDA QPoll: activOrReset:0 but needReset:1 for pfeIdx:0 pport:0
May 27 16:26:45.080  test-ptx10008 fpc1-evo-cda-bt[14541]: [Warn] CDA QPoll: activOrReset:0 but needReset:1 for pfeIdx:1 pport:0
Modification History:
2021-10-18: initial publication
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search