Monitoring System Log Messages

System Log File

Specifies the name of a system log file for which you want to display the recorded events.

Lists the names of all the system log files that you configure.

By default, a log file, messages, is included in the /var/log/ directory.

To specify events recorded in a particular file, select the system log filename from the list—for example, messages.

Event ID

Specifies the event ID for which you want to display the messages.

Allows you to type part of the ID and completes the remainder automatically.

An event ID, also known as a system log message code, uniquely identifies a system log message. It begins with a prefix that indicates the generating software process or library.

To specify events with a specific ID, type the partial or complete ID—for example, TFTPD_AF_ERR.

Text in Event Description

Specifies text from the description of events that you want to display.

Allows you to use regular expressions to match text from the event description.

Note: Regular expression matching is case-sensitive.

To specify events with a specific description, type a text string from the description with regular expression.

For example, type ^Initial* to display all messages with lines beginning with the term Initial.

Process

Specifies the name of the process generating the events you want to display.

To view all the processes running on your system, enter the CLI command show system processes.

For more information about processes, see the JUNOS Software Installation and Upgrade Guide at www.juniper.net/techpubs

To specify events generated by a process, type the name of the process.

For example, type mgd to list all messages generated by the management process.

Start Time

End Time

Specifies the time period in which the events you want displayed are generated.

Displays a calendar that allows you to select the year, month, day, and time. It also allows you to select the local time.

By default, the messages generated in the last hour are displayed. End Time shows the current time and Start Time shows the time one hour before End Time.

To specify the time period:

• Select the Start Time checkbox and select the year, month, date, and time—for example, 02/10/2007 11:32.

• Select the End Time checkbox and select the year, month, date, and time—for example, 02/10/2007 3:32.

To select the current time as the start time, select local time.

Number of Events to Display

Specifies the number of events to be displayed on the View Events page.

By default, the View Events page displays 25 events.

To view a specified number of events, select the number from the list—for example, 50.

OK

Applies the specified filter and displays the matching messages.

To apply the filter, click OK.

Time

Displays the time at which the message was logged.

Process

Displays the name and ID of the process that generated the system log message.

The information displayed in this field is different for messages generated on the local Routing Engine than for messages generated on another Routing Engine (on a system with two Routing Engines installed and operational). Messages from the other Routing Engine also include the identifiers re0 and re1 to identify the Routing Engine.

Event ID

Displays a code that uniquely identifies the message.

The prefix on each code identifies the message source, and the rest of the code indicates the specific event or error.

Displays context-sensitive help that provides more information about the event:

• Help—Short description of the message.
• Description—More detailed explanation of the message.
• Type—Category to which the message belongs.
• Severity—Level of severity.

The event ID begins with a prefix that indicates the generating software process.

Some processes on a switching platform do not use codes. This field might be blank in a message generated from such a process.

An Event can belong to one of the following Type categories:

• Error—Indicates an error or failure condition that might require corrective action.
• Event—Indicates a condition or occurrence that does not generally require corrective action.

Event Description

Displays a more detailed explanation of the message.

Severity

Severity level of a message is indicated by different colors.

• Unknown—Gray—Indicates no severity level is specified.
• Debug/Info/Notice—Green— Indicates conditions that are not errors but are of interest or might warrant special handling.
• Warning—Yellow—Indicates conditions that warrant monitoring.
• Error—Blue— Indicates standard error conditions that generally have less serious consequences than errors in the emergency, alert, and critical levels.
• Critical—Pink—Indicates critical conditions, such as hard drive errors.
• Alert—Orange—Indicates conditions that require immediate correction, such as a corrupted system database.
• Emergency—Red—Indicates system panic or other conditions that cause the switching platform to stop functioning.

A severity level indicates how seriously the triggering event affects switch functions. When you configure a location for logging a facility, you also specify a severity level for the facility. Only messages from the facility that are rated at that level or higher are logged to the specified file.