Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos] How to send selected syslog to the other Routing Engine

1

0

Article ID: KB37238 KB Last Updated: 21 Jul 2021Version: 1.0
Summary:

There are use cases that require monitoring certain syslog messages that appear on the backup Routing Engine (RE) from the primary RE or vice versa. For example, you may want to copy only emergency daemon messages from one RE to the other or copy only messages with a matched string to the other RE.

This article demonstrates how this is done with the help of a few configuration examples and test cases in the lab environment.

Symptoms:

Consider the following two user requirements to send syslog from one RE to the other:

  • Send only messages from the facility daemon with a severity level of emergency.

  • Send only messages within which a matched string "dop->do_refcount != 0" is found.

Solution:

Use case 1

The following configuration example serves this purpose. Suppose that you want to copy emergency daemon messages from the primary RE to the backup RE. The same configuration can be applied to the backup RE if you want to do this the other way around, that is copy from the backup RE to the primary RE.

{MASTER}[edit system syslog host other-routing-engine]
labroot@re0# show |display set    
set system syslog host other-routing-engine daemon emergency

To verify that the above knob works, on the primary RE shell, you can fake a DAEMON-0 message by using the logger command.

labroot@re0> start shell 
% logger -p daemon.0 "this is a fake emergency message"

On the backup RE syslog, you can see that the following log entry has been copied:

labroot@re1# run show log messages|match emergency 
Jun 18 10:15:35.096  re1 : %DAEMON-0: re0 Jun 18 10:15:35.094 re0 labroot: this is a fake emergency message

Use case 2

The recommended configuration varies between Junos OS versions. This is because starting from Junos OS Release 16.1, a less-CPU-intensive knob "match-strings" has been introduced for string matching purposes. Therefore, for Junos OS Releases 16.1 and later, you can use the following configuration if you want to copy matched syslog from the primary RE to the backup RE.

{MASTER}[edit system syslog host other-routing-engine]
labroot@re0# show|display set 
set system syslog host other-routing-engine any any
set system syslog host other-routing-engine match-strings "dop->do_refcount != 0"

The lab test case is given below:

{MASTER}
labroot@alcoholix-re0> start shell
% logger -p external.info "dop->do_refcount != 0"

When you check the backup RE, you can see that the corresponding syslog entry has been copied:

labroot@re1# run show log messages|match re0     
Jun 18 08:22:09.466  re1 : %EXTERNAL-6: re0 Jun 18 08:22:09.466 re0 labroot: dop->do_refcount != 0

For Junos OS Releases prior to 16.1, only the regex match knob is available. So the following configuration sample should be used:

{MASTER}[edit system syslog host other-routing-engine]
labroot@re0# show|display set 
set system syslog host other-routing-engine any any
set system syslog host other-routing-engine match dop->do_refcount.*=.0

The lab test shows a similar result:

{MASTER}
labroot@alcoholix-re0> start shell
% logger -p external.info "dop->do_refcount != 0"

When you check the backup RE, you can see that the corresponding syslog entry has been copied:

labroot@re1# run show log messages|match re0     
Jun 18 08:22:15.418  re1 : %EXTERNAL-6: re0 Jun 18 08:22:10.557 re0 labroot: dop->do_refcount != 0
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search