4.2 Logging & Traceoptions
Key Takeaways
- Junos system logging is configured under `[edit system syslog]` and routes messages by facility (what generated it) and severity (how serious)
- Severity ordering from most to least severe is emergency, alert, critical, error, warning, notice, info, with any/none as special selectors
- The default Junos log file is `/var/log/messages`; custom files are defined under `system syslog file <name>`
- `traceoptions` is Junos debugging: it writes detailed protocol or process events to a named trace file with flags and a size/file limit
- `monitor start <file>` and `monitor log <file>` stream a log file live; `show log <file>` displays it statically
System Logging (Syslog) Fundamentals
Junos uses syslog to record what the device is doing. Logging is configured under the `[edit system syslog]` hierarchy. Two concepts control which messages are recorded and where they go:
- Facility - the source or category of the message (for example `authorization`, `kernel`, `daemon`, `interactive-commands`, `firewall`, or the wildcard `any`).
- Severity - how serious the message is. When you set a severity, Junos records messages at that level and all more severe levels.
Messages can be sent to a local file, the console, a logged-in user, or a remote syslog host.
```
[edit system syslog]
user@router# show
file messages {
    any notice;
    authorization info;
}
host 192.0.2.50 {
    any warning;
}
user * {
    any emergency;
}
```
The example writes all facilities at `notice` or worse, plus `authorization` messages at `info` or worse, to the `messages` file; sends messages at `warning` or worse to a remote collector; and broadcasts `emergency` messages to every logged-in user.
Severity Levels
Knowing the severity order is a frequently tested fact. From most severe to least severe:
| Keyword | Meaning |
|---|---|
| `emergency` | System is unusable |
| `alert` | Immediate action required |
| `critical` | Critical conditions |
| `error` | Error conditions |
| `warning` | Warning conditions |
| `notice` | Normal but significant events |
| `info` | Informational messages |
| `any` | Selector matching all severities |
| `none` | Selector disabling logging for a facility |
Setting a facility to `error` captures `error`, `critical`, `alert`, and `emergency` messages but not `warning`, `notice`, or `info`. `any` is a selector that matches every severity; `none` explicitly turns logging off for a facility (useful to exclude one noisy facility while keeping `any`).
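The selection rule above, applied to the `[edit system syslog]` example from earlier on this page, as an added Python model (not Junos code and not part of the original page). It assumes a facility-specific statement takes precedence over `any` within one destination; the function names are hypothetical.

```python
# Severity keywords from the page, most severe first (lower index = more severe).
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice", "info"]

# The page's syslog example, modelled as destination -> {facility: severity}.
PAGE_CONFIG = {
    "file messages": {"any": "notice", "authorization": "info"},
    "host 192.0.2.50": {"any": "warning"},
    "user *": {"any": "emergency"},
}

def threshold(selectors, facility):
    """Configured severity keyword for a facility, or None if nothing matches.
    Assumption: a facility-specific statement wins over the `any` facility."""
    return selectors.get(facility, selectors.get("any"))

def is_logged(selectors, facility, severity):
    """True if a message of this facility/severity passes the destination's selectors."""
    level = threshold(selectors, facility)
    if level is None or level == "none":   # `none` switches the facility off
        return False
    if level == "any":                     # `any` matches every severity
        return True
    # Recorded when the message is at the configured level or more severe.
    return SEVERITIES.index(severity) <= SEVERITIES.index(level)

def destinations(config, facility, severity):
    """Destinations that would receive the message, in configuration order."""
    return [d for d, sel in config.items() if is_logged(sel, facility, severity)]

def coverage_gaps(config, facility, severity, required):
    """Required destinations that would NOT receive the message."""
    received = destinations(config, facility, severity)
    return [d for d in required if d not in received]

if __name__ == "__main__":
    # Constructed sample messages (facility, severity), not real device output.
    for fac, sev in [("authorization", "info"), ("kernel", "info"),
                     ("daemon", "warning"), ("kernel", "emergency")]:
        print(f"{fac}.{sev:<9} -> {destinations(PAGE_CONFIG, fac, sev) or 'dropped'}")
    # Audit check: do info-level authorization messages reach the remote collector?
    print("gaps:", coverage_gaps(PAGE_CONFIG, "authorization", "info", ["host 192.0.2.50"]))
```

With the page's configuration, `authorization` messages at `info` are kept only in the local `messages` file; the remote collector's `any warning` selector does not match them.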
Where Logs Live and How to Read Them
Log files are stored in `/var/log/`. The default catch-all file on most platforms is `/var/log/messages`. The name you reference in `show log` matches the file name configured under `system syslog file <name>`.
Viewing options:
| Command | Behavior |
|---|---|
| `show log` | List the log files in /var/log |
| `show log messages` | Display the contents of the messages file (static) |
| `show log messages \| last 20` | Display only the last 20 lines of the messages file |
| `show log messages \| match error` | Display only the lines of the messages file that match `error` |
| `monitor start messages` | Begin streaming new lines from the file live |
| `monitor log messages` | Alias to stream the named log file live |
| `monitor stop` | Stop all active monitor streams |
Use `show log` for after-the-fact analysis and `monitor start`/`monitor log` when you need to watch events as they happen, such as during a configuration change.
Traceoptions: Junos Debugging
While syslog records general system events, traceoptions is the Junos equivalent of debugging: it writes detailed, flag-selected diagnostic events for a specific protocol or process to its own trace file. Traceoptions can be configured under many hierarchies, such as `[edit protocols ospf traceoptions]` or `[edit interfaces traceoptions]`.
```
[edit protocols ospf traceoptions]
user@router# show
file ospf-trace size 1m files 3;
flag hello detail;
flag error;
```
Key elements:
- `file <name>` - the trace output file, written to `/var/log/`
- `size` and `files` - rotate the trace file at a size limit, keeping N archived copies, to protect storage
- `flag <type>` - which event categories to trace (for example `hello`, `error`, `state`); `flag all` traces everything but is storage-heavy
Because traceoptions are verbose and consume storage and CPU, you enable them for troubleshooting, capture the needed data with `monitor start <file>` or `show log <file>`, and then delete the traceoptions configuration when finished.
A facility is configured with severity error in the syslog file stanza. Which messages are recorded?
What is the primary difference between Junos traceoptions and standard system syslog logging?
Which command lets an operator watch new lines being written to the messages log file in real time?