Categories and Severity Levels for Event Messages
In the logging configuration, you can specify a filter for each type of log. This filter can include an expression that defines the categories and severity levels of event messages that the software saves.
Defining Categories
The category of an event message defines the SRC component that generated the event message. If you want to view only event logs in a specific category, you can define a variable <category>, which is a text string that matches the name of a category. This variable is not case sensitive. To view the names of categories for event messages, view a log file for one of the default filters.
For example, the category Cops defines event messages generated by the COPS server. Similarly, the category CopsMsg defines a particular sort of event message that the COPS server generates.
Juniper Networks Customer Service can also provide names of categories, especially for troubleshooting purposes.
Defining Severity Levels
The event filter provides 128 levels of severity numbered 1-127. A higher number indicates a higher level of severity. Common levels of severity also have a specific name, as shown in Table 4.
You can define a severity level as follows:
- info-warning—Defines messages of minimum severity level of info and a maximum severity level of warning
- Accept the default minimum (logmin) or maximum (logmax) severity by omitting the minimum or maximum severity. For example:
- info-—Defines messages of minimum severity level info and maximum severity level logmax
- -warning—Defines messages of minimum severity level logmin and maximum severity level warning
The syntax for the severity takes the format:
[<severity>] | [<minimumSeverity>]-[<maximumSeverity>]
Use either the name or the number of a severity level shown in Table 4 for the variables in this syntax.
Defining Filters
You specify a filter by defining an expression with the following format:
- singlematch—[!] ( <category> | ([<category>]/[<severity>] | [<minimumSeverity>]-[<maximumSeverity>] ))
- !—Do not log matching events
- <category>—See Defining Categories
- [<severity>] | [<minimumSeverity>]-[<maximumSeverity>]—See Defining Severity Levels.
The software filters events by evaluating each subexpression in order from left to right. When the software determines that an event message matches a subexpression, the software logs or ignores the message accordingly. You can specify an unlimited number of subexpressions; however, the order in which you specify the subexpressions affects the result.
Table 5 shows some examples of filters.
All messages from COPS category, except those from CopsMsg category with level less than info