[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Categories and Severity Levels for Event Messages

In the logging configuration, you can specify a filter for each type of log. This filter can include an expression that defines the categories and severity levels of event messages that the software saves.

Defining Categories

The category of an event message defines the SRC component that generated the event message. If you want to view only event logs in a specific category, you can define a variable <category>, which is a text string that matches the name of a category. This variable is not case sensitive. To view the names of categories for event messages, view a log file for one of the default filters.

For example, the category Cops defines event messages generated by the COPS server. Similarly, the category CopsMsg defines a particular sort of event message that the COPS server generates.

Juniper Networks Customer Service can also provide names of categories, especially for troubleshooting purposes.

Defining Severity Levels

The event filter provides 128 levels of severity numbered 1-127. A higher number indicates a higher level of severity. Common levels of severity also have a specific name, as shown in Table 4.

CAUTION: Enabling the generation of debug log messages has a negative affect on system performance. Do not enable debug log messages unless you are instructed to do so by Juniper Networks Technical Assistance Center (JTAC).




Table 4: Named Severity Levels  
Name
Severity Level

logmin

1

debug

10

info

20

notice

30

warning

40

error

50

crit

60

alert

70

emerg

80

panic

90

logmax

127


You can define a severity level as follows:

The syntax for the severity takes the format:

[<severity>] | [<minimumSeverity>]-[<maximumSeverity>]

Use either the name or the number of a severity level shown in Table 4 for the variables in this syntax.

Defining Filters

You specify a filter by defining an expression with the following format:

singlematch [,singlematch]*

The software filters events by evaluating each subexpression in order from left to right. When the software determines that an event message matches a subexpression, the software logs or ignores the message accordingly. You can specify an unlimited number of subexpressions; however, the order in which you specify the subexpressions affects the result.

Table 5 shows some examples of filters.



Table 5: Examples of Filters for Event Messages  
Syntax
Event Messages Saved

/

All event messages

/info-

Event messages of level info and above from all categories

Cops/debug

Debug events from COPS category only

!Cops,/debug

All debug events except those from COPS category

CopsMsg/info-,!CopsMsg,Cops

All messages from COPS category, except those from CopsMsg category with level less than info



[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]