How to Include Severity Values in Junos Syslog Messages

By Walter J. Goralski, Cathy Gadecki, and Michael Bushong from JUNOS OS For Dummies, 2nd Edition

When managing a network of Junos devices, you often have two separate files with logging information in them: a messages file with all syslog events with a severity of notice or higher, and a security file with all authorization events with a severity of info or higher.

Even with this separation, the syslog messages can still be cumbersome to sift through when viewing the files from the device. What if you want to view the messages file, but you want to see only events of severity warning or higher? The severity value doesn’t appear in any of the syslog events.

To include both the syslog facility and the severity values in each message, configure the explicit-priority statement:

[edit system]
syslog {
  file messages {
    any notice;
    explicit-priority;
  }
  file security {
    authorization info;
  }
}

This syslog configuration includes the facility and severity values for all the syslog messages included in the messages file. Now you can view the log file and see only the messages of severity warning or higher:

user@my-device> show log messages | match -4-
Nov 30 16:07:10 my-device mib2d[4365]: %DAEMON-4-SNMP_TRAP_LINK_DOWN: ifIndex
    196, ifAdminStatus up(1), ifOperStatus down(2), ifName at-1/0/1

In this output, you filter the messages and retrieve only the message that has -4-. This filter returns the SNMP link category “link down” trap, which has a facility of DAEMON and a severity of 4. Using the explicit-priority configuration statement, you can make your log files substantially easier to parse.