11.2.8.2. Log management settings using the Syslog function

Operation Confirmed Version:
 vSRX Version 15.1X49-D105.1

This section describes log management settings that use the Syslog function. The system outputs logs when it detects an event or error, or when it detects a failure caused by an external factor. The settings for saving these logs and for forwarding them to a Syslog server are described below.

Note

  • Control-plane CPU usage has been found to run high in specific scenarios when ver.15.1X49D105.1 is used. For the conditions under which this occurs and the details to note, refer to "Points to note when using ver.15.1X49D105.1".

Syslog message save method

Configure the device to save Syslog messages.

Assumed scenario for the sample configuration

  • Save Syslog messages on the device itself

  • Log the commands that a user enters at the command prompt to Syslog

Note

At the time of the initial deployment, Syslog needs to be written in the messages and interactive-commands files. Therefore, make additional settings as needed.

Configuration steps for the assumed scenario

1. Set the Syslog file name to test_cli_command_syslog.
2. Configure log acquisition so that everything entered on the command line is captured.

Command to be entered with CLI

user01@vSRX-02# set system syslog file test_cli_command_syslog interactive-commands any

The configuration after completion of appropriate settings is as follows.

system {
    syslog {
        file test_cli_command_syslog {
            interactive-commands any;
        }
    }
}

Operation check result

Running the “show log test_cli_command_syslog” command at the command prompt confirmed that the configured Syslog information is recorded.

user01@vSRX-02> show log test_cli_command_syslog
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_COMMIT_PROGRESS: Commit operation in progress: notifying daemons of new configuration
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_COMMIT_PROGRESS: Commit operation in progress:  notifying eventd(104)
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Event processing process', pid 1238, signal 1, status 0 with notification errors enabled
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_COMMIT_PROGRESS: Commit operation in progress: ssync begins
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_COMMIT_PROGRESS: Commit operation in progress: ssync ends
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_COMMIT_PROGRESS: Commit operation in progress: commit complete
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_COMMIT_COMPLETED: commit complete
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Alarm control process', pid 1469, signal 30, status 0 with notification errors enabled
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_DBASE_LOGOUT_EVENT: User 'nos-user01' exiting configuration mode
Sep 26 22:04:38  vSRX-02 mgd[1728]: UI_CMDLINE_READ_LINE: User 'nos-user01', command 'show log test_cli_command_syslog '

user01@vSRX-02>
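
The following Python script turns the interactive-commands log shown above into a per-user command audit trail and flags commands that clear logs or remove Syslog configuration. It is an added example, not part of the original manual or any vendor code; the function names, the WATCH list and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: the first three lines are from the operation check output on
# this page; the last two are constructed for the example.
SAMPLE_LOG = """\
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_COMMIT_COMPLETED: commit complete
Sep 26 22:04:29  vSRX-02 mgd[1728]: UI_DBASE_LOGOUT_EVENT: User 'nos-user01' exiting configuration mode
Sep 26 22:04:38  vSRX-02 mgd[1728]: UI_CMDLINE_READ_LINE: User 'nos-user01', command 'show log test_cli_command_syslog '
Sep 26 22:05:02  vSRX-02 mgd[1728]: UI_CMDLINE_READ_LINE: User 'nos-user01', command 'clear log test_cli_command_syslog '
Sep 26 22:05:0
"""

# Fields: timestamp, host, process[pid], event tag, message text.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+"
    r"(?P<proc>[\w-]+)\[(?P<pid>\d+)\]:\s+(?P<tag>[A-Z0-9_]+):\s(?P<msg>.*)$")
# Greedy match up to the last quote keeps commands that contain quotes whole.
CMD_RE = re.compile(r"^User '(?P<user>[^']*)', command '(?P<cmd>.*)'\s*$")
# Assumed watchlist (illustrative): commands that clear logs or remove logging.
WATCH = ("clear log", "delete system syslog", "deactivate system syslog")

def parse_line(line):
    """Return a dict of fields for one log line, or None if it is malformed."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    rec = m.groupdict()
    if rec["tag"] == "UI_CMDLINE_READ_LINE":
        c = CMD_RE.match(rec["msg"])
        if c:
            rec["user"], rec["command"] = c["user"], c["cmd"].strip()
    return rec

def command_audit(text):
    """Return ({user: [(timestamp, command), ...]}, [unparsed lines])."""
    trail, rejected = defaultdict(list), []
    for line in filter(None, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        elif "command" in rec:
            trail[rec["user"]].append((rec["ts"], rec["command"]))
    return dict(trail), rejected

def flag_log_tampering(trail):
    """Return (user, timestamp, command) for commands matching WATCH."""
    return [(u, ts, cmd) for u, entries in trail.items()
            for ts, cmd in entries if cmd.startswith(WATCH)]

if __name__ == "__main__":
    trail, rejected = command_audit(SAMPLE_LOG)
    print(trail, rejected, flag_log_tampering(trail), sep="\n")
```

Lines that do not match the expected format, such as the truncated final sample line, are returned separately rather than silently dropped, so gaps in the audit trail stay visible.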

Setting for transmitting Syslog messages to an external Syslog server

Configure the device to transmit Syslog information to an external server.

Assumed scenario for the sample configuration

  • Collect info-level information from all facilities available in Syslog

  • Save the collected log information on an external Syslog server (192.168.2.15)

Command to be entered with CLI

user01@vSRX-02# set system syslog host 192.168.2.15 any info
user01@vSRX-02# set system syslog host 192.168.2.15 source-address 192.168.2.102

The configuration after completion of appropriate settings is as follows.

system {
    syslog {
        host 192.168.2.15 {
            any info;
            source-address 192.168.2.102;
        }
    }
}

The packet capture below confirmed that Syslog messages are transmitted to the Syslog server (192.168.2.15).

Packet capture screen of Syslog server (192.168.2.15)

Rotation specifications of log files

  • By default, the log file size is checked every 15 minutes. A file that exceeds 1 MB is rotated, and up to 10 generations are stored.

  • To change the number of generations and the size individually, use the two kinds of commands below. The “file” setting is given higher priority.

Command to be entered with CLI

# set system syslog archive **
# set system syslog file filename archive **