How to Manage Junos Device Log Files - dummies

By Walter J. Goralski, Cathy Gadecki, Michael Bushong

If you’ve created loads of log files, shuttling different types of events to different types of files for ease of use, you need to manage those files.

By default, Junos OS software limits the size of the log files to 128K. As events are logged, when the total size of the messages exceeds 128K, something has to give. You don’t want to stop logging, but you also don’t want to lose any historical information that may be necessary or useful.

When files reach the 128K limit, those files are compressed and archived on the device with a file extension that identifies the file’s relative age. Looking at the /var/log/ directory shows this behavior:

% show /var/log/messages*
messages       Size: 62145, Last changed: October 27 17:15:45
messages.0.gz     Size : 9213, Last changed: October 25 09:23:01
messages.1.gz     Size : 7814, Last changed: October 24 23:14:53
messages.10.gz    Size : 8467, Last changed: October 17 03:11:28
messages.2.gz     Size : 8863, Last changed: October 24 06:31:09
messages.3.gz     Size : 8749, Last changed: October 23 19:51:00
messages.4.gz     Size : 9003, Last changed: October 22 22:05:37
messages.5.gz     Size : 7191, Last changed: October 20 14:10:22
messages.6.gz     Size : 9059, Last changed: October 19 14:21:59
messages.7.gz     Size : 7834, Last changed: October 19 02:46:01
messages.8.gz     Size : 8559, Last changed: October 18 09:29:52
messages.9.gz     Size : 8272, Last changed: October 17 21:45:38

Junos OS rotates the log files. Each time the current file reaches the size limit, that file is compressed and saved with the .0 file extension. The extension on each older archive is incremented by one, and the tenth file is deleted.
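
The listing above is sorted by name, so messages.10.gz lands between messages.1.gz and messages.2.gz even though it is the oldest archive. The following Python sketch is an added example, not part of the original article: it orders the rotated files by numeric extension and reads them oldest to newest. It assumes the files have been copied off the device into a local directory; the function names and the sample events are constructed for illustration.

```python
import gzip
import re
import tempfile
from pathlib import Path


def rotation_order(log_dir, base="messages"):
    """Return one log's files oldest first: highest-numbered archive ... .0, then current."""
    found = []
    for path in Path(log_dir).iterdir():
        if path.name == base:
            found.append((-1, path))  # the uncompressed current file is the newest
            continue
        m = re.fullmatch(re.escape(base) + r"\.(\d+)\.gz", path.name)
        if m:
            found.append((int(m.group(1)), path))
    # Compare extensions as integers: a plain name sort puts .10 between .1 and .2.
    return [p for _, p in sorted(found, key=lambda t: t[0], reverse=True)]


def read_timeline(log_dir, base="messages"):
    """Yield every line of the log in the order it was written."""
    for path in rotation_order(log_dir, base):
        opener = gzip.open if path.suffix == ".gz" else open
        with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
            for line in fh:
                yield line.rstrip("\n")


def demo():
    """Build constructed sample files in a temp directory and read them back in order."""
    with tempfile.TemporaryDirectory() as tmp:
        for age in (0, 1, 2, 10):  # constructed archives, one event each
            with gzip.open(Path(tmp) / f"messages.{age}.gz", "wt", encoding="utf-8") as fh:
                fh.write(f"constructed event from archive {age}\n")
        (Path(tmp) / "messages").write_text("constructed event from current file\n")
        names = [p.name for p in rotation_order(tmp)]
        return names, list(read_timeline(tmp))


if __name__ == "__main__":
    names, lines = demo()
    print(names)
    print("\n".join(lines))
```

Passing a different base name to rotation_order handles any other log file that follows the same extension scheme.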

If you’re using log files to actively troubleshoot a current problem, you may find it useful to clean up the log files so that you can reduce the number of old messages you have to sort through while debugging the issue. To clear the messages for a particular log, use the clear log command:

user@my-device> clear log messages

When you issue this command, the messages log file is emptied, which makes sorting through incoming syslog messages considerably easier.