Configuring Syslog on Juniper

I will give an example of setting up Juniper logging to the syslog server, for convenience, to view the logs of all devices in one place, and it will also be possible to disable logging to the device’s memory to save its memory.

An example of specifying the IP address of the Syslog server, as well as the events to be sent:

set system syslog host user info
set system syslog host change-log notice
set system syslog host ?

Using the QFX5100 as an example, let’s see what is written to the files and remove the settings so that it is not written:

edit system syslog
delete file messages
delete file interactive-commands

Now let’s specify sending the same logs to the syslog server:

set host any notice
set host authorization info
set host interactive-commands notice

Let’s see and make sure that no information is written to these files:

run show log messages | last 100
run show log interactive-commands | last 100

Let’s look at the date of all the logs to make sure that nothing else is written to the internal memory of the device:

run show log ?

An example of viewing logs on MX204:

run show log chassisd | last 100
run show log jddosd | last 100
run show log messages | last 100

If necessary, specify the IP address from which Juniper will send logs:

set system syslog source-address

You can add milliseconds or a year to the logs:

set system syslog time-format ?

Let’s see the settings we made:

show system syslog
show | compare

And apply:

commit check
commit comment "set syslog host"

See also my articles:
Installing Rsyslog + Loganalyzer + MySQL
See my other articles about Juniper

Leave a comment

Leave a Reply