4.2 Logging & Traceoptions

Key Takeaways

  • Junos system logging is configured under `[edit system syslog]` and routes messages by facility (what generated it) and severity (how serious)
  • Severity ordering from least to most severe is emergency, alert, critical, error, warning, notice, info, then any/none as special selectors
  • The default Junos log file is `/var/log/messages`; custom files are defined under `system syslog file <name>`
  • `traceoptions` is Junos debugging: it writes detailed protocol or process events to a named trace file with flags and a size/file limit
  • `monitor start <file>` and `monitor log <file>` stream a log file live; `show log <file>` displays it statically
Last updated: May 2026

System Logging (Syslog) Fundamentals

Junos uses syslog to record what the device is doing. Logging is configured under the [edit system syslog] hierarchy. Two concepts control which messages are recorded and where they go:

  • Facility - the source or category of the message (for example authorization, kernel, daemon, interactive-commands, firewall, or the wildcard any).
  • Severity - how serious the message is. When you set a severity, Junos records messages at that level and all more severe levels.

Messages can be sent to a local file, the console, a logged-in user, or a remote syslog host.

[edit system syslog]
user@router# show
file messages {
    any notice;
    authorization info;
}
host 192.0.2.50 {
    any warning;
}
user * {
    any emergency;
}

The example writes all facilities at notice or worse to the messages file, sends warnings to a remote collector, and broadcasts emergency messages to every logged-in user.

Severity Levels

Knowing the severity order is a frequently tested fact. From least severe to most severe:

KeywordMeaning
emergencySystem is unusable
alertImmediate action required
criticalCritical conditions
errorError conditions
warningWarning conditions
noticeNormal but significant events
infoInformational messages
anySelector matching all severities
noneSelector disabling logging for a facility

Setting a facility to error captures error, critical, alert, and emergency messages but not warning, notice, or info. any is a selector that matches every severity; none explicitly turns logging off for a facility (useful to exclude one noisy facility while keeping any).

Where Logs Live and How to Read Them

Log files are stored in /var/log/. The default catch-all file on most platforms is /var/log/messages. The name you reference in show log matches the file name configured under system syslog file <name>.

Viewing options:

CommandBehavior
show logList the log files in /var/log
show log messagesDisplay the contents of the messages file (static)
`show log messageslast 20`
`show log messagesmatch error`
monitor start messagesBegin streaming new lines from the file live
monitor log messagesAlias to stream the named log file live
monitor stopStop all active monitor streams

Use show log for after-the-fact analysis and monitor start/monitor log when you need to watch events as they happen, such as during a configuration change.

Traceoptions: Junos Debugging

While syslog records general system events, traceoptions is the Junos equivalent of debugging: it writes detailed, flag-selected diagnostic events for a specific protocol or process to its own trace file. Traceoptions can be configured under many hierarchies, such as [edit protocols ospf traceoptions] or [edit interfaces traceoptions].

[edit protocols ospf traceoptions]
user@router# show
file ospf-trace size 1m files 3;
flag hello detail;
flag error;

Key elements:

  • file <name> - the trace output file, written to /var/log/
  • size and files - rotate the trace file at a size limit, keeping N archived copies, to protect storage
  • flag <type> - which event categories to trace (for example hello, error, state); flag all traces everything but is storage-heavy

Because traceoptions are verbose and consume storage and CPU, you enable them for troubleshooting, capture the needed data with monitor start <file> or show log <file>, and then delete the traceoptions configuration when finished.

Test Your Knowledge

A facility is configured with severity error in the syslog file stanza. Which messages are recorded?

A
B
C
D
Test Your Knowledge

What is the primary difference between Junos traceoptions and standard system syslog logging?

A
B
C
D
Test Your Knowledge

Which command lets an operator watch new lines being written to the messages log file in real time?

A
B
C
D