How to Configure System and Trace Logging in Junos
When something goes wrong on your Junos network, you need logs to help you identify and fix the problem. You can set up two types of logging on a Junos OS device to record events as they happen:
System logging (syslog), which records device-wide events of importance
Trace logging (tracing), which zooms in on events relating to a specific area such as a routing protocol operation
You don’t really want to watch and record everything with maximum syslogs and every possible tracing function. Instead, you really need to look for events that indicate things may be going haywire, and then focus on just the areas that might be the cause.
For this reason, a lot of operators set up syslog files to capture anything that might be going wrong, and then use the tracing process to look at that particular area.
Configuring syslog is straightforward: You configure the file in which to store the logs, the type of events you want to track, and the event severity. In terms of the syslog, you want to know when an event happens that potentially requires action soon.
Here’s a configuration example that stores logs of all events that have a severity level of warning (or more severe) in a file named log-messages:
[edit system] user@host-device# set syslog file log-messages any warning
In this configuration, any warning indicates the event (any) and severity level (warning). To look at the syslog messages in the file on the router, use the show log command, followed by the name of the log file:
user@host-device> show log log-messages
|Configuration Option||Type of Event|
|Any||Any device event|
|authorization||Authentication and authorization attempts|
|change-log||Changes to the device’s configuration|
|conflict-log||Changes to the device’s configuration that are
inappropriate for the device hardware
|daemon||Relating to the Junos OS software processes|
|firewall||Packet filtering performed by firewall filters|
|ftp||File transfers done with FTP|
|interactive-commands||Commands typed at the command-line interface or by a JUNOScript
|kernel||Relating to the Junos OS kernel|
|Pfe||Packet forwarding software|
|Logging Severity Levels|
|Any||—||All severity levels (in other words, include all events)|
|None||—||No severity levels (in other words, discard all events)|
|Info||6||General device operation|
|Notice||5||General device operational events of more interest than
|Critical||2||Critical errors that might affect device operation|
|Alert||1||Errors requiring immediate attention|
|Emergency||0||Errors that cause the device to stop operating|
|Trace routing events|
You can use the traceoptions feature to get more detailed information about a particular operational area. For example, you may want to keep an eye on routing protocol operation. When you do, you can turn tracing on for all routing protocols or for an individual routing protocol.
To get an idea of the general routing protocol operation on the router, configure a file in which to store the operational events and a list of flags that define the types of events you want to record. The following configuration collects information about all events (flags) in the file trace-events:
 user@junos-router# set routing-options traceoptions file trace-events world-readable  user@junos-router# set routing-options traceoptions flag all
The flags that are available vary from device to device and from area to area. In the preceding code, world-readable means that any user who can validly access the device can read the trace file, which is a good idea in many cases. However, the default condition is the no-world-readable option, which limits trace file access to a limited pool of users.