Configuration is done under edit system syslog hierarchy. First, I will configure logging for interactive commands. They will be logged in the file named “commands”:
set system syslog file commands interactive-commands info set system syslog file commands match UI_CMDLINE_READ_LINE
To view contents of the log file, use show log [filename] command in operational mode.
Time to log ospf neighbor state changes:
set system syslog file ospf-nbr any any set system syslog file ospf-nbr match RPD_OSPF_NBR
Notice, that I used severity any, because RPD_OSPF_NBRDOWN and RPD_OSPF_NBRUP have different severities. (“notice” and “info” respectively)
And finally, login messages:
set system syslog file auth any any set system syslog file auth match LOGIN
You can set log file size, number of archived files using set system syslog archive command
And of course, do not forget to send your logs to your syslog server 😉
set system syslog host [hostname] [facility] [level]
On data center SRX series gateways if you want to log security related stuff, such as screens, security policies etc, you have two options:
- Send logs from the data plane to the control plane, but if you have high number of events, it will be resource consuming.
- Stream logs syslog server.
Example configuration of SRX data center series for logging:
misha@SRX1-LAB# show security log | display set set security log source-address 10.0.1.1 set security log stream screen_log host 10.0.1.5
Note: If you want to explore all match arguments (such as UI_CMDLINE, RPD_OSPF etc.), and optimize log files,
go to Juniper.net -> Support -> Technical Documentation -> Junos OS -> Choose version of Junos you have -> System Log Messages Reference.