Juniper Turning On Logging


You want to monitor all systemwide operations by saving all log messages to a file on the router. Use the following command to save all log messages to a file called messages:

# set system syslog file messages any info

The most common place to save system logging messages is on the router. If you do not configure logging, it is turned on by default and sends messages to the file messages (located in /var/log on M-series and T-series routers and in /cf/var/log on J-series routers). The messages logged are those from all facilities that have a severity of notice, plus all authorization messages. If you were to configure the default settings explicitly, the configuration file would look like this:

[edit system syslog]
file messages {
    any notice;
    authorization info;
}

You can specify today’s date and time to list only the most recent messages (match is simply the Unix grep utility):

source@router1> show log messages | match "Apr 26 11:5"
Apr 26 11:54:31 router1 login: LOGIN_INFORMATION: User source logged in from host 172.17.28.19 on device ttyp1
Apr 26 11:54:34 router1 mgd[29108]: UI_DBASE_LOGIN_EVENT: User 'source' entering configuration mode
Apr 26 11:56:13 router1 mgd[29108]: UI_DBASE_LOGOUT_EVENT: User 'source' exiting configuration mode
Apr 26 11:57:52 router1 mgd[28332]: UI_DBASE_LOGOUT_EVENT: User 'source' exiting configuration mode

If you want to find out who has logged in to the router today, you can set up a chain of filters:

source@router1> show log messages | match LOGIN | match "Mar 16"
Mar 16 11:00:53 router1 login: LOGIN_INVALID_LOCAL_USER: No entry in local password file for user pwd
Mar 16 11:00:54 router1 login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM authentication error for user pwd
Mar 16 11:00:54 router1 login: LOGIN_FAILED: Login failed for user pwd from host
Mar 16 11:00:55 router1 login: LOGIN_INFORMATION: User root logged in from host [unknown] on device ttyd0
Mar 16 21:57:59 router1 login: LOGIN_INFORMATION: User source logged in from host 172.17.28.108 on device ttyp0
Mar 16 21:58:04 router1 mgd[4102]: UI_DBASE_LOGIN_EVENT: User 'source' entering configuration mode
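The same login review can be done offline against a copy of the messages file. The following Python script is an added example, not part of the original article: it parses the log format shown above and summarizes failed logins, successful logins and configuration-mode entries per user. The function names and regular expressions are assumptions derived from the sample lines.

```python
import re
from collections import defaultdict

# Sample input: Mar 16 lines from the output above, wrapped lines rejoined, quotes straightened.
SAMPLE = """\
Mar 16 11:00:53 router1 login: LOGIN_INVALID_LOCAL_USER: No entry in local password file for user pwd
Mar 16 11:00:54 router1 login: LOGIN_FAILED: Login failed for user pwd from host
Mar 16 11:00:55 router1 login: LOGIN_INFORMATION: User root logged in from host [unknown] on device ttyd0
Mar 16 21:57:59 router1 login: LOGIN_INFORMATION: User source logged in from host 172.17.28.108 on device ttyp0
Mar 16 21:58:04 router1 mgd[4102]: UI_DBASE_LOGIN_EVENT: User 'source' entering configuration mode
"""

# timestamp, hostname, process[pid], event tag, free-text message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[\w-]+)(?:\[(?P<pid>\d+)\])?: (?P<tag>[A-Z][A-Z0-9_]+): (?P<msg>.*)$")
LOGIN_OK = re.compile(r"User (\S+) logged in from host (\S+) on device (\S+)")
LOGIN_BAD = re.compile(r"Login failed for user (\S+) from host ?(\S*)")  # host may be empty
CONFIG = re.compile(r"User '([^']+)' entering configuration mode")

def parse(text):
    """Yield one dict per well-formed line; lines without an event tag are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def summarize(text):
    """Per-user failed logins, successful logins (time, source, tty) and config-mode entries."""
    out = defaultdict(lambda: {"failed": 0, "logins": [], "config": 0})
    for ev in parse(text):
        if ev["tag"] == "LOGIN_FAILED" and (m := LOGIN_BAD.search(ev["msg"])):
            out[m[1]]["failed"] += 1
        elif ev["tag"] == "LOGIN_INFORMATION" and (m := LOGIN_OK.search(ev["msg"])):
            out[m[1]]["logins"].append((ev["ts"], m[2], m[3]))
        elif ev["tag"] == "UI_DBASE_LOGIN_EVENT" and (m := CONFIG.search(ev["msg"])):
            out[m[1]]["config"] += 1
    return dict(out)

def failed_only(summary):
    """Users that failed to log in and never succeeded; worth a closer look."""
    return sorted(u for u, s in summary.items() if s["failed"] and not s["logins"])

if __name__ == "__main__":
    for user, stats in summarize(SAMPLE).items():
        print(user, stats)
```
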

Juniper Turning Off Logging

You no longer want to record system log messages in a file.

To stop recording system log messages, mark the configuration statements so that they do not take effect:

[edit]
source@router1# deactivate system syslog file messages

source@router1# commit

The best way to stop recording system log messages to a particular logging file is to deactivate that portion of the configuration. Doing this leaves the configuration statements in the configuration but marks them as inactive:

[edit system syslog]
source@router1# show
inactive: file messages {
    any notice;
    archive world-readable;
    explicit-priority;
}

If you type the show command one level lower in the configuration hierarchy, you see an even longer reminder that this portion of the configuration has been deactivated:

[edit system syslog file messages]
source@router1# show
##
## inactive: file messages
##

Another way to turn off logging is to delete the configuration statements from the configuration:

[edit]
source@router1# delete system syslog file messages

source@router1# commit

The advantage of deactivating rather than deleting is that you can still see the configuration statements. If the problem you were investigating recurs later, you can remove the inactive: tag to start collecting those system log messages again:

[edit]
source@router1# activate system syslog file messages

source@router1# commit

 
