Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos Platform] Example - How to prevent certain syslog messages from being written to the log file

0

0

Article ID: KB9382 KB Last Updated: 20 Feb 2020Version: 12.0
Summary:

This article describes how to suppress repetitive non-impacting messages, and also provides a method for filtering out these messages into a separate file.

 

Symptoms:

Syslog files fill up with non-impacting messages. In order to keep better control, users need a way to suppress repetitive non-impacting messages from being written to these log files.

 

Solution:

In order to prevent certain syslog messages from being written to the log file, use the match command under the [system syslog] hierarchy to match any Regular Expression. The example below prevents any log message that has the text "PCF" from being written to the messages file. The match command is also available for matching syslog entries sent to a syslog host or to a user.

Example-1

user@lab-re0# show system syslog
user * {
    any emergency;
}
 file messages {
    any notice;
    match "!(.*PCF.*)";
}

Example-2

This example shows how to prevent multiple log entries from getting logged to a file.

user@lab-re0# show system syslog
user * {
     any emergency;
}
file messages {
     any any;
     match "!(.*RT_FLOW_SESSION.*|.*LICENSE_EXPIRED_KEY_DELETED.*)"
}

With this configuration, we can prevent RT_FLOW_SESSION and LICENSE_EXPIRED_KEY_DELETED messages from getting logged into the messages file.

Note: Any log entries that are prevented from being written to the log file will be lost and cannot be recovered.

Example-3

Optionally, if all messages are still required and an easy-to-track file is additionally needed, creating a new syslog file could be helpful.

user@lab-re0# show system syslog
user * {
    any emergency;
}
file messages {
    any notice;
}
file messages_no_PCF {
    any notice;
    match "(.*PCF.*)";
}

This way, you get a small file to look at without having to permanently lose the other messages.

 

Modification History:

2020-02-18: Removed "!" from Example 3.

2020-02-05: Article reviewed for accuracy; minor non-technical changes made; article is correct and complete

 

Related Links

Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search