Logs play an important role in identifying and fixing problems. Juniper devices offer different ways to configure logging: you can send log messages to a log server on the network or store them on the device itself. JunOS is the heart of Juniper devices and works just perfectly. Today I will show you how to configure logs in Juniper SRX within the device.
Configure Logs in Juniper SRX
You can configure logs in JunOS at the [edit system syslog] hierarchy. You can configure different log types to capture different kinds of events. Let's start with the factory default log configuration. When the device is freshly installed with the latest version of JunOS, three types of logs are configured by default. You can view them by typing the show system syslog command in configuration mode.

[edit]
root@MustBeGeek# show system syslog
syslog {
    user * {
        any emergency;
    }
    file messages {
        any any;
        authorization info;
    }
    file interactive-commands {
        interactive-commands any;
    }
}

As you can see, the factory default configuration has 3 logs configured. Two logs are sent to files, whereas one is displayed to logged-in users. Every log entry has a facility and a severity level. The facility identifies the type of message being logged, and the severity level indicates how important the message is. The first entry has facility any with severity emergency and is displayed to every user logged in to the device. The second entry writes to the file named messages: facility any at severity any, plus the authorization facility at severity info. The third entry has facility interactive-commands with severity any and is sent to the file named interactive-commands.
Apart from the default logs, you might want your own control over which logs are sent to files. Let's create a log for policy sessions from the untrust zone to the trust zone. First you have to enable session-init and session-close logging under the security policy.
Now let's configure the log file under the [edit system syslog] hierarchy. We will configure a file named SessionsLog that captures messages containing the RT_FLOW_SESSION keyword. You can configure different parameters for different types of logs, and different match expressions to meet your needs. Here we will use the match RT_FLOW_SESSION expression to log session messages.
[edit system syslog]
root@MustBeGeek# set file SessionsLog any any

[edit system syslog]
root@MustBeGeek# set file SessionsLog match RT_FLOW_SESSION

[edit system syslog]
root@MustBeGeek# set file SessionsLog archive size 1m files 3

[edit system syslog]
root@MustBeGeek# show
user * {
    any emergency;
}
file messages {
    any any;
    authorization info;
}
file interactive-commands {
    interactive-commands any;
}
file SessionsLog {
    any any;
    match RT_FLOW_SESSION;
    archive size 1m files 3;
}
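
The complete procedure in set-command form, including the security-policy logging step that the text describes but does not show. This is an added example, not configuration from the original post; the policy name allow-web-in and its match conditions are hypothetical.

```junos
# Added example. The policy name "allow-web-in" and its match terms are
# hypothetical; substitute the untrust-to-trust policy you want logged.
# Enter these from [edit] in configuration mode.

# 1. Define the policy and log both session start and session end.
set security policies from-zone untrust to-zone trust policy allow-web-in match source-address any
set security policies from-zone untrust to-zone trust policy allow-web-in match destination-address any
set security policies from-zone untrust to-zone trust policy allow-web-in match application junos-http
set security policies from-zone untrust to-zone trust policy allow-web-in then permit
set security policies from-zone untrust to-zone trust policy allow-web-in then log session-init
set security policies from-zone untrust to-zone trust policy allow-web-in then log session-close

# 2. Write only session messages to SessionsLog, with the archive
#    settings used in the article (archive size 1m files 3).
set system syslog file SessionsLog any any
set system syslog file SessionsLog match RT_FLOW_SESSION
set system syslog file SessionsLog archive size 1m files 3

# 3. Validate the candidate configuration, then activate it.
commit check
commit

# 4. Confirm that session records are arriving in the file.
run show log SessionsLog | last 20
```

With both options enabled, each permitted session produces two messages, one when it is created and one when it closes, so a busy policy fills a 1m archive quickly.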
Some useful commands for viewing and maintaining logs are:
1. You can now view the logs by typing the following command in operational mode.
root@MustBeGeek> show log SessionsLog
2. You can also view real-time log messages from the log file by typing the following command in operational mode.
root@MustBeGeek> monitor start SessionsLog
3. The log files are stored in /cf/var/log. You can view the log files by typing the following command. The command will show the list of configured log files.
root@MustBeGeek> file list /cf/var/log
4. To delete a log file from this location, issue the following command.
root@MustBeGeek> file delete /cf/var/log/SessionsLog
5. You can also delete log files and some temporary files by typing the following command.
root@MustBeGeek> request system storage cleanup