How to Configure System and Trace Logging in Junos

By Walter J. Goralski, Cathy Gadecki, Michael Bushong

When something goes wrong on your Junos network, you need logs to help you identify and fix the problem. You can set up two types of logging on a Junos OS device to record events as they happen:

  • System logging (syslog), which records device-wide events of importance

  • Trace logging (tracing), which zooms in on events relating to a specific area such as a routing protocol operation

You don’t really want to watch and record everything with maximum syslogs and every possible tracing function. Instead, you really need to look for events that indicate things may be going haywire, and then focus on just the areas that might be the cause.

For this reason, a lot of operators set up syslog files to capture anything that might be going wrong, and then use the tracing process to look at that particular area.

Configure syslogs

Configuring syslog is straightforward: You configure the file in which to store the logs, the type of events you want to track, and the event severity. In terms of the syslog, you want to know when an event happens that potentially requires action soon.

Here’s a configuration example that stores logs of all events that have a severity level of warning (or more severe) in a file named log-messages:

[edit system]
user@host-device# set syslog file log-messages any warning

In this configuration, any warning indicates the event (any) and severity level (warning). To look at the syslog messages in the file on the router, use the show log command, followed by the name of the log file:

user@host-device> show log log-messages
Types of Logging Events
Configuration Option Type of Event
Any Any device event
authorization Authentication and authorization attempts
change-log Changes to the device’s configuration
conflict-log Changes to the device’s configuration that are
inappropriate for the device hardware
daemon Relating to the Junos OS software processes
firewall Packet filtering performed by firewall filters
ftp File transfers done with FTP
interactive-commands Commands typed at the command-line interface or by a JUNOScript
client application
kernel Relating to the Junos OS kernel
Pfe Packet forwarding software
User User processes
Logging Severity Levels
Name Number Description
Any All severity levels (in other words, include all events)
None No severity levels (in other words, discard all events)
Debug 7 Debugging information
Info 6 General device operation
Notice 5 General device operational events of more interest than
Warning 4 General warnings
Error 3 General errors
Critical 2 Critical errors that might affect device operation
Alert 1 Errors requiring immediate attention
Emergency 0 Errors that cause the device to stop operating
Trace routing events

You can use the traceoptions feature to get more detailed information about a particular operational area. For example, you may want to keep an eye on routing protocol operation. When you do, you can turn tracing on for all routing protocols or for an individual routing protocol.

To get an idea of the general routing protocol operation on the router, configure a file in which to store the operational events and a list of flags that define the types of events you want to record. The following configuration collects information about all events (flags) in the file trace-events:

user@junos-router# set routing-options traceoptions file trace-events 
user@junos-router# set routing-options traceoptions flag all

The flags that are available vary from device to device and from area to area. In the preceding code, world-readable means that any user who can validly access the device can read the trace file, which is a good idea in many cases. However, the default condition is the no-world-readable option, which limits trace file access to a limited pool of users.