08: System Logging, Tracing, NTP and SNMP

Junos uses Unix Syslog-style messages. The primary log file by default is ‘/var/log/messages’.

Numerous facilities and severity levels are supported.

• The facility determines the class of log message
• The severity determines the level of logging detail

Remote logging and archiving is available and recommended for troubleshooting.

Syslog Configuration Example

Syslog is configured at the ‘edit system syslog’ hierarchy and the ‘edit routing-options option syslog’ hierarchy.

Factory Defaults

user * {
    any emergency;
}

Example

Send Syslog messages to a remote host configured to receive Syslog messages.

host 10.210.14.174 {
    any notice;
    authorization info;
}
file messages {
    any any;
    authorization info;
}
file interactive-commands {
    interactive-commands any;
}

Configure the name of the log file and what to log into them.

file config-changes {
    change-log info;
}

Other Configuration Options

• archive
• console
• facility
• severity
• files <number>

Interpreting Syslog Messages

Apr  7 10:26:53  router mgd[95742]: UI_DBASE_LOGOUT_EVENT: User 'user'
    exiting configuration mode

• ‘router’ is the hostname generating the message
• ‘UI_DBASE_LOGOUT_EVENT’ is the message-code

By default, messages do not include the priority. To add the priority, add this under the ‘system syslog file <filename>’ hierarchy;

facility severity;
explicit-priority;

‘0’ indicates the highest priority, or ‘emergency’ message severity. ‘7’ is the lowest, or ‘debug’.

Traceoptions

Enable tracing under the ‘system tracing’ hierarchy. Enable logging to a remote Syslog server as;

system {
    tracing {
        destination-override syslog host x.x.x.x;
    }
}

Logs are written to ‘/var/log/<file-name>’ or a remote server. If a remote server is specified and a local filename is not, Junos may warn that no file has been specified. It is safe to ignore the warning if remote logging is configured.

Tracing can be enabled safely in a production network; it does not hugely impact performance. Tracing should still be turned off when not needed, to conserve resources.

This example provides details on events and errors in OSPF;

protocols {
    ospf {
        traceoptions {
            file ospf-trace size 128k files 10 no-world-readable;
            flag event detail;
            flag error detail;
        }
    }
}

Traceoptions are also available for the interface process. Tracing information is placed in the system’s ‘messages’ file. By default, ‘/var/log/dcd’ is used for global interface tracing.

Viewing Log Files

Use;

show log <file-name>

to view log file contents. Enter ‘h’ at the ‘more’ prompt for full options.

Realtime Log Information

Use the monitor start CLI command to monitor a file in realtime (like tail -f). List files which can be monitored with monitor list. Pipe commands can also be used here to filter the output.

Use Esc+q to halt and resume real time output. Use monitor stop to cease all monitoring.

To delete all traceoptions at a given hierarchy, run ‘delete traceoptions’ at that hierarchy.

Truncating Files

Use the clear log <file-name> command to truncate a log file. Other file operations, in particular delete, can also be used.

Configuring NTP

NTP ensures that log messages have meaningful timestamps and can be correlated between devices.

Stratum 1 is provided by atomic clock sources. Junos cannot provide a primary time reference. Junos does support client, server, broadcast and symmetric active modes. MD5 and SHA authentication is supported and recommended.

Two machines can synchronise only when their current clocks are relatively close. The clock should initially be set by a boot server. The set date ntp <address> command runs as a substitute for a boot server.

show ntp associations shows the current synchronisation status.

Configuring SNMP

Junos supports SNMP 1, 2c and 3.