messages from these facilities, when messages are directed to a remote machine a
standard localX facility name is used instead of the Junos-specific facility name.
Table 7 on page 14 lists the default alternative facility name used for each Junos-specific
facility name. For facilities that are not listed, the default alternative name is the same
as the local facility name.
Table 7: Default Facilities for Messages Directed to a Remote Destination

Junos-Specific Local Facility    Default Facility When Directed to Remote Destination
change-log                       local6
conflict-log                     local5
dfc                              local1
firewall                         local3
interactive-commands             local7
pfe                              local4

The syslogd utility on a remote machine handles all messages that belong to a facility
in the same way, regardless of the source of the message (the Juniper Networks routing
platform or the remote machine itself). For example, the following statements in the
configuration of the routing platform called local-router direct messages from the
authorization facility to the remote machine called monitor.mycompany.com:
    [edit system syslog]
    host monitor.mycompany.com {
        authorization info;
    }
The default alternative facility for the local authorization facility is also authorization. If
the syslogd utility on monitor is configured to write messages belonging to the authorization
facility to the file /var/log/auth-attempts, the file contains both the messages generated
when users log in to local-router and the messages generated when users log in to monitor.
Although the name of the source machine appears in each system log message, the
mixing of messages from multiple machines can make it more difficult to analyze the
contents of the auth-attempts file.
To make it easier to separate the messages from each source, you can assign an
alternative facility to all messages generated on local-router when they are directed to
monitor. You can then configure the syslogd utility on monitor to write messages with
the alternative facility to a different file from messages generated on monitor itself.
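The following added example (not part of the Junos documentation) decodes the PRI value a collector such as monitor receives and routes messages by facility, showing the mixed auth-attempts file and the separation gained from an alternative facility. Assumptions: the authorization facility arrives as syslog facility code 4 (auth), local0 is the alternative facility chosen, the file name /var/log/local-router-auth is hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Facility codes from RFC 5424 (only those this example needs).
FACILITY_NAMES = {4: "auth", **{16 + n: f"local{n}" for n in range(8)}}
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode_pri(line):
    """Return (facility, severity, rest). PRI = facility * 8 + severity."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = local7.debug, the highest valid PRI
        raise ValueError(f"missing or invalid PRI: {line!r}")
    code, sev = divmod(int(m.group(1)), 8)
    return FACILITY_NAMES.get(code, f"facility{code}"), SEVERITY_NAMES[sev], m.group(2)

def route(lines, rules, default="/var/log/messages"):
    """Mimic syslogd facility selectors: rules maps facility name -> file."""
    files = defaultdict(list)
    for line in lines:
        facility, _severity, rest = decode_pri(line)
        files[rules.get(facility, default)].append(rest)
    return dict(files)

def hosts_in(messages):
    """Source hostnames in a file; field 4 of 'Mmm dd hh:mm:ss host tag: text'."""
    return {m.split()[3] for m in messages}

# Constructed sample traffic as received on monitor (not real logs).
MONITOR_OWN = "<38>Oct  5 10:01:40 monitor sshd[887]: Accepted password for ops"
ROUTER_DEFAULT = "<38>Oct  5 10:01:12 local-router sshd[1201]: Accepted password for admin"
# Same router message after its facility is overridden to local0 (assumed choice):
ROUTER_OVERRIDE = "<134>Oct  5 10:01:12 local-router sshd[1201]: Accepted password for admin"

RULES = {"auth": "/var/log/auth-attempts",
         "local0": "/var/log/local-router-auth"}  # hypothetical file name

def demo():
    mixed = route([MONITOR_OWN, ROUTER_DEFAULT], RULES)
    split = route([MONITOR_OWN, ROUTER_OVERRIDE], RULES)
    return mixed, split

if __name__ == "__main__":
    for label, files in zip(("default facility", "overridden facility"), demo()):
        for path, msgs in files.items():
            print(f"{label}: {path} <- {sorted(hosts_in(msgs))}")
```
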
To change the facility used for all messages directed to a remote machine, include the
facility-override statement at the [edit system syslog host hostname] hierarchy level:
Copyright © 2010, Juniper Networks, Inc. 14
Junos 10.3 System Log Messages Reference