[Junos Platform] Example - How to prevent certain syslog messages from being written to the log file

Article ID: KB9382 | KB Last Updated: 09 Nov 2016 | Version: 10.0

Summary:

This article describes how to suppress repeating non-impacting messages, and also a method for filtering out messages into a separate file.

Symptoms:

Syslog files fill up with non-impacting messages. In order to keep a better overview in the log files, users need a way to suppress repeating non-impacting messages from being written to log files.

Solution:

To prevent certain syslog messages from being written to the log file, use the match statement under the [system syslog] hierarchy, which accepts any regular expression. The example below prevents any log message that contains the text "PCF" from being written to the messages file. The match statement is also available for filtering syslog entries sent to a syslog host or to a user.

Example-1

user@ankara-re0# show system syslog
user * {
    any emergency;
}

file messages {
    any notice;
    match "!(.*PCF.*)";
}


Example-2

This example shows how to prevent multiple kinds of log entries from being logged to a file.

user@ankara-re0# show system syslog
user * {
     any emergency;
}
file messages {
     any any;
     match "!(.*RT_FLOW_SESSION.*|.*LICENSE_EXPIRED_KEY_DELETED.*)";
}

With this configuration, RT_FLOW_SESSION and LICENSE_EXPIRED_KEY_DELETED messages are not written to the messages file.

Note: Any log entries that are prevented from being written to the log file will be lost and cannot be recovered.


Example-3

Optionally, if all messages are still required but an easy-to-track file is additionally needed, creating a new syslog file can be helpful.

user@ankara-re0# show system syslog
user * {
    any emergency;
}
file messages {
    any notice;
}
file messages_no_PCF {
    any notice;
    match "!(.*PCF.*)";
}

This way you get a small file to look at without having to permanently lose the other messages.
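
Because suppressed entries cannot be recovered, it helps to dry-run a match string against representative log lines before committing it. The following Python sketch is an added example, not Juniper code: it takes the match strings from Example-1 and Example-2 and reports which lines would be dropped. It assumes Python's `re` behaves like the device's regular-expression engine for these simple patterns and that matching is unanchored and case-sensitive; the sample log lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Match strings copied from Example-1 and Example-2 above.
EXAMPLE_1 = "!(.*PCF.*)"
EXAMPLE_2 = "!(.*RT_FLOW_SESSION.*|.*LICENSE_EXPIRED_KEY_DELETED.*)"

# Constructed sample lines (not real device output).
SAMPLE = [
    "Nov  9 10:00:01 ankara-re0 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.0.2.10/51000->198.51.100.5/443",
    "Nov  9 10:00:02 ankara-re0 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.7/40000->192.0.2.20/22",
    "Nov  9 10:00:03 ankara-re0 licensed[1500]: LICENSE_EXPIRED_KEY_DELETED: license key removed",
    "Nov  9 10:00:04 ankara-re0 sshd[1234]: Failed password for root from 203.0.113.7 port 40022 ssh2",
    "Nov  9 10:00:05 ankara-re0 mgd[2345]: UI_COMMIT: User 'user' requested 'commit' operation",
]

def is_logged(match_expr, line):
    """True if the line would still be written under this match string."""
    negated = match_expr.startswith("!")        # leading "!" inverts the match
    pattern = match_expr[1:] if negated else match_expr
    hit = re.search(pattern, line) is not None  # assumption: unanchored, case-sensitive
    return hit != negated

def dry_run(match_expr, lines):
    """Split lines into (kept, dropped) for a given match string."""
    kept = [l for l in lines if is_logged(match_expr, l)]
    dropped = [l for l in lines if not is_logged(match_expr, l)]
    return kept, dropped

def dropped_by_tag(match_expr, lines):
    """Count dropped lines per event tag, so the loss is visible before commit."""
    counts = Counter()
    for line in dry_run(match_expr, lines)[1]:
        tags = re.findall(r"\b([A-Z][A-Z0-9_]{3,}):", line)
        counts[tags[-1] if tags else "(untagged)"] += 1
    return counts

if __name__ == "__main__":
    for name, expr in (("Example-1", EXAMPLE_1), ("Example-2", EXAMPLE_2)):
        kept, dropped = dry_run(expr, SAMPLE)
        print(f"{name}: kept={len(kept)} dropped={len(dropped)} {dict(dropped_by_tag(expr, SAMPLE))}")
```

On the constructed sample, the Example-2 string drops every tag that contains RT_FLOW_SESSION, including the session-deny line, which is a reason to prefer the separate-file approach of Example-3 when those records are needed for audit.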
