Syslog Configuration
System logging, or syslog, is a commonly implemented standard for managing and monitoring devices in a network. In many ways, syslog behaves similarly to SNMP traps. When specific events occur, syslog triggers messages that are logged on the local chassis and that are typically also sent to a syslog server. While syslog does have a number of recognized limitations, it is appropriate for multivendor environments because it is standardized by the Internet Engineering Task Force (IETF) and is widely supported among network hardware vendors.
Syslog in JUNOS
In a JUNOS system, logs can be stored on the local chassis, written to the screen of an active user, or written to a remote device. In the following configuration sample, user Pike_Vaughn sees syslog messages of facility (category) any and severity info on his screen when he is logged into the chassis. The host machine at 192.168.17.17 receives system log notices sourced from IP address 10.0.0.5.
As with SNMP, defining the source IP is critical because many syslog servers filter entries based on their source. Defining the source IP is also necessary if you use event correlation tools to parse and analyze entries written to a syslog server. Without a specified source-address, the address of the outbound interface is used as the source of the syslog messages sent to the server. Depending on what form of management is used (in-band versus OoB), that interface could potentially change in times of network trouble:
[edit system syslog] ...
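The collector-side effect of a changing source address, as an added example that is not from the book: a small Python triage routine that filters syslog datagrams by source IP and decodes the PRI field. It shows the error message from the same router being dropped once it arrives from a different interface address. The device name router-a, the address 172.16.1.2, and the message texts are constructed for illustration.

```python
import ipaddress
import re

# Severity names in numeric order (0 = most severe), as in RFC 5424.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

# Collector allow-list keyed by expected source IP. 10.0.0.5 is the
# source-address from the text; the device name is hypothetical.
KNOWN_SOURCES = {ipaddress.ip_address("10.0.0.5"): "router-a"}
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode_pri(raw):
    """Split '<PRI>text' into (facility number, severity name, text)."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7], m.group(2)

def triage(datagrams, min_severity="notice"):
    """Return (accepted, rejected) for (source_ip, raw_message) pairs."""
    threshold = SEVERITIES.index(min_severity)
    accepted, rejected = [], []
    for src, raw in datagrams:
        device = KNOWN_SOURCES.get(ipaddress.ip_address(src))
        if device is None:  # source filter: sender is not a known device
            rejected.append((src, "unknown source"))
            continue
        try:
            facility, severity, text = decode_pri(raw)
        except ValueError as exc:
            rejected.append((src, str(exc)))
            continue
        if SEVERITIES.index(severity) <= threshold:  # notice or worse
            accepted.append((device, facility, severity, text))
    return accepted, rejected

# Constructed datagrams. The second is the same router after its egress
# interface changed (172.16.1.2 is a made-up interface address).
SAMPLE = [
    ("10.0.0.5", "<29>router-a: constructed notice message"),
    ("172.16.1.2", "<27>router-a: constructed error message"),
    ("10.0.0.5", "<30>router-a: constructed info message"),
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

The rejected list is worth alerting on: a known hostname appearing from an unlisted address usually means the device is sending without a fixed source address.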