
Examples: Configuring System Logging

The system log provides an excellent way of tracking all management activity on the switch by recording events such as user authentication, access authorization, and command execution. Logged command executions include commands entered by users at the CLI prompt or by client applications such as a Junos XML protocol or NETCONF XML client. Because system log files record the commands executed on the switch and the user who executed them, checking system log files for failed authentication events can help identify attempts to gain unauthorized access to the switch. You can also analyze network activity by correlating executed commands with events and changes that occurred on the network at a particular time.

System log files are stored locally on the switch in the default /var/log directory.

The following example shows how to configure system log messages to record all commands entered by users and all authentication or authorization attempts. Logged commands include those entered by users at the CLI prompt and by client applications. The messages are saved in the file named cli-commands and are also sent to the terminal of any user who is logged in.

[edit system]
syslog {
    file cli-commands {
        interactive-commands info;
        authorization info;
    }
    user * {
        interactive-commands info;
        authorization info;
    }
}

The following example shows how to log all alarm state changes to the file /var/log/alarms:

[edit system]
syslog {
    file alarms {
        kernel warning;
    }
}

The following example shows how to configure the handling of messages of various types, as described in the comments. Information is logged to two files, to the terminal of user alex, to a remote machine, and to the console:

[edit system]
syslog {
    /* write all security-related messages to file /var/log/security */
    file security {
        authorization info;
        interactive-commands info;
    }
    /* write messages about potential problems to file /var/log/messages: */
    /* messages from “authorization” facility at level “notice” and above, */
    /* messages from all other facilities at level “warning” and above */
    file messages {
        authorization notice;
        any warning;
    }
    /* write all messages at level “critical” and above to terminal of user “alex” if */
    /* that user is logged in */
    user alex {
        any critical;
    }
    /* write all messages from the “daemon” facility at level “info” and above, and */
    /* messages from all other facilities at level “warning” and above, to the */
    /* machine monitor.mycompany.com */
    host monitor.mycompany.com {
        daemon info;
        any warning;
    }
    /* write all messages at level “error” and above to the system console */
    console {
        any error;
    }
}
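
To check which destinations a given message actually reaches under the stanza above, the following added example (not Juniper's code and not part of the original page) parses the stanza and applies the matching rule its comments describe: a facility-specific statement overrides any, and a level matches that severity and above. The function names parse_destinations and route are hypothetical, and the embedded CONFIG is a constructed copy of the stanza with comments omitted.

```python
import re

# Standard syslog severities, most severe first.
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice", "info"]

# Constructed input: the stanza from the example above, comments omitted.
CONFIG = """
syslog {
    file security { authorization info; interactive-commands info; }
    file messages { authorization notice; any warning; }
    user alex { any critical; }
    host monitor.mycompany.com { daemon info; any warning; }
    console { any error; }
}
"""

def parse_destinations(text):
    """Return {destination: {facility: severity}} from a syslog stanza."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop /* ... */ comments
    body = text[text.index("{") + 1 : text.rindex("}")]
    dests = {}
    for name, rules in re.findall(r"([^{};]+?)\s*\{([^{}]*)\}", body):
        selectors = {}
        for rule in filter(None, (r.strip() for r in rules.split(";"))):
            facility, severity = rule.split()
            selectors[facility] = severity
        dests[" ".join(name.split())] = selectors
    return dests

def route(dests, facility, severity):
    """List the destinations that receive a message of this facility and severity."""
    hits = []
    for name, selectors in dests.items():
        # A facility-specific statement takes precedence over "any",
        # as the comments in the page's example describe.
        level = selectors.get(facility, selectors.get("any"))
        if level in (None, "none"):
            continue  # facility not selected, or explicitly disabled
        if level == "any" or SEVERITIES.index(severity) <= SEVERITIES.index(level):
            hits.append(name)
    return hits

DESTS = parse_destinations(CONFIG)

if __name__ == "__main__":
    for msg in [("interactive-commands", "info"), ("authorization", "notice"),
                ("daemon", "info"), ("kernel", "critical")]:
        print(msg, "->", route(DESTS, *msg))
```

Run against this stanza, command-execution records (interactive-commands at info) reach only the local file security and are not forwarded to monitor.mycompany.com, which matters if the remote host is meant to hold a copy of the audit trail.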

The following example shows how to configure the handling of messages generated when users issue Junos OS CLI commands, by specifying the interactive-commands facility at the info, notice, and warning severity levels:

[edit system]
syslog {
    file user-actions {
        interactive-commands info;
    }
    user philip {
        interactive-commands notice;
    }
    console {
        interactive-commands warning;
    }
}

The following list describes the severity levels used in the example:

  • info—Logs a message when users issue any command at the CLI operational or configuration mode prompt. The example writes the messages to the file /var/log/user-actions.
  • notice—Logs a message when users issue the configuration mode command commit. The example writes the messages to the terminal of user philip.
  • warning—Logs a message when users issue a command that restarts a software process. The example writes the messages to the console.

Published: 2014-07-23
