Knowledge Search


×
 

[Junos Platform] Example - How to prevent certain syslog messages from being written to the log file

  [KB9382] Show Article Properties


Summary:

This article describes how to suppress repeating non-impacting messages, and also a method for filtering out messages into a separate file.

Symptoms:

Syslog files fill up with non-impacting messages. In order to keep a better overview in the log files, users need a way to suppress repeating non-impacting messages from being written to log files.

Solution:

In order to prevent certain syslog messages from being written to the log file, use the match command under  the [system syslog] hierarchy to match any Regular Expression. The example below prevents any log message that has the text "PCF" from being written to the messages file.  The match command is also available for matching syslog entries sent to a syslog host or to a user.

Example-1

user@ankara-re0# show system syslog
user * {
    any emergency;
}

 file messages {
    any notice;
    match "!(.*PCF.*)";
}


Example-2

This example shows how to set prevent multiple log entries getting logged to a file.

user@ankara-re0# show system syslog
user * {
     any emergency;
}
file messages {
     any any;
     match "!(.*RT_FLOW_SESSION.*|.*LICENSE_EXPIRED_KEY_DELETED.*)"
}

With this config we can prevent RT_FLOW_SESSION and LICENSE_EXPIRED_KEY_DELETED messages getting logged into messages file.

 
Note: Any log entries that are prevented from being written to the log file will be lost and cannot be recovered.


Example-3

Optionally, should all messages are still required, while an easy-to-track file is additinally needed, create a new syslog file could be helpful.

user@ankara-re0# show system syslog
user * {
    any emergency;
}
file messages {
    any notice;
}
file messages_no_PCF {
    any notice;
    match "!(.*PCF.*)"
;
}

This way you get a small file to look at without having to permanently lose the other messages.

Related Links: