How to Use System Logs to Troubleshoot a Junos Network

By Walter J. Goralski, Cathy Gadecki, Michael Bushong

You need to monitor system logs, change logs, and interactive commands to establish a basis for troubleshooting when problems occur. Logs also help to correlate network events with configuration changes. The syslog file can flag certain events as identify, notify, or alarm. You can store these syslog files locally on the device’s hard drive or a flash drive, or you can send syslog messages to a remote or centralized syslog server.

The severity hierarchy in the Junos OS is

  • Debug

  • Info

  • Notice

  • Warning

  • Error

  • Critical

  • Alert

  • Emergency

Here’s how it looks:

user@router>set system syslog user * any emergency
user@router>set system syslog file syslog-messages any notice
user@router>set system syslog file messages authorization info
user@router>set system syslog file interactive-commands interactive-commands any
user@router>show system syslog
user * {
    any emergency;
file syslog-messages {
    any notice;
    authorization info;
file interactive-commands {
    interactive-commands any;

The configuration above performs three essential syslog functions:

  • Logs any emergency level messages or higher. The ability to apply levels this way cuts down on the configuration size.

  • Logs any info level authorization attempts (or any notice level messages or higher). These are stored in the configured file named syslog-messages and stored in the default /var/log directory on the router.

  • Logs any interactive commands issued by users on the router. The log file interactive-commands is also stored in /var/log.

The wildcard * symbol applies the configuration stanza that follows to all users (or interfaces when used there, and so on).

Some people may imagine that their network is too small to expend resources on keeping elaborate event tracking logs, and that if things go wrong, the root cause will be obvious. However, these people are wrong. Instead, small networks need resources and event tracking as much as larger ones because any network, even a small one, is a very complicated thing and small networks tend to have smaller staffing.