Sending Junos traceoptions to a syslog server
We discussed in this post how to enable remote tracing on Junos. The problem is that the feature can be enabled only for some specific processes.
There is another way how to send any traceoptions to a syslog server. It’s not a Junos specific feature, but a combination of different Junos and Linux/Unix features.
Let’s see this in action.
You want to send the LLDP traceoptions to a syslog server:
{master:0}[edit] root@QFX5100# show protocols lldp traceoptions { file LLDP.log; flag all; } interface all; {master:0}[edit] root@QFX5100#
This is the syslog configuration on Junos. As you can see, both local syslog and remote syslog have the same logging level:
{master:0}[edit] root@QFX5100# show system syslog user * { any emergency; } host 192.168.158.253 { any notice; authorization info; port 20514; } file messages { any notice; authorization info; match "!.*REMOTE_TRACEOPTIONS.*"; } file interactive-commands { interactive-commands any; } {master:0}[edit] root@QFX5100#
Probably you already noticed that local syslog will not write any entries with “REMOTE_TRACEOPTIONS”. You will see shortly what this is used for. This string is a random one, but you should pick one that makes sense for you.
Next, we will continuously read the LLDP traceoptions file and then send the output to the local syslog with the “REMOTE_TRACEOPTIONS” string:
root@QFX5100:RE:0% tail -F /var/log/LLDP.log | logger -t REMOTE_TRACEOPTIONS& [1] 20243 20244 root@QFX5100:RE:0%
Although we are sending the content of the LLDP traceoptions file to the local syslog, it will not be written because we specified that any line with “REMOTE_TRACEOPTIONS” will not be written in messages file.
However, because there is no such restriction for the syslog server, all the content will be sent there.
What will happen is that on the syslog server you will have both local syslog content and the traceoptions content(which will have the tag applied).
Let’s check the content of the LLDP traceoptions file:
{master:0}[edit] root@QFX5100# run show log LLDP.log | last 10 May 13 08:53:03.905149 proto LLDP packet got added to rx queue for ifl et-0/0/2.0 May 13 08:53:08.497040 proto LLDP packet got added to rx queue for ifl et-0/0/0.0 May 13 08:53:11.375877 proto lldp_transmit_pkt:- ifname xe-0/2/3.0 May 13 08:53:12.239856 proto lldp_transmit_pkt:- ifname et-0/0/22.0 May 13 08:53:14.304294 proto lldp_transmit_pkt:- ifname et-0/0/2.0 May 13 08:53:16.984273 proto lldp_transmit_pkt:- ifname xe-0/2/1.0 May 13 08:53:16.995430 proto LLDP packet got added to rx queue for ifl xe-0/2/2.0 May 13 08:53:17.061344 proto LLDP packet got added to rx queue for ifl xe-0/2/0.0 May 13 08:53:18.368269 proto lldp_transmit_pkt:- ifname xe-0/2/0.0 May 13 08:53:19.078233 proto lldp_transmit_pkt:- ifname em2.32768 {master:0}[edit] root@QFX5100#
And on syslog server, we can see the same line along with the “REMOTE_TRACEOPTIONS” tag:
lab@UBUNTU:/var/log/remote$ sudo cat 192.168.158.176.log | tail -10 May 13 08:53:03 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:03.905149 proto LLDP packet got added to rx queue for ifl et-0/0/2.0 May 13 08:53:08 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:08.497040 proto LLDP packet got added to rx queue for ifl et-0/0/0.0 May 13 08:53:11 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:11.375877 proto lldp_transmit_pkt:- ifname xe-0/2/3.0 May 13 08:53:12 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:12.239856 proto lldp_transmit_pkt:- ifname et-0/0/22.0 May 13 08:53:14 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:14.304294 proto lldp_transmit_pkt:- ifname et-0/0/2.0 May 13 08:53:16 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:16.984273 proto lldp_transmit_pkt:- ifname xe-0/2/1.0 May 13 08:53:16 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:16.995430 proto LLDP packet got added to rx queue for ifl xe-0/2/2.0 May 13 08:53:17 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:17.061344 proto LLDP packet got added to rx queue for ifl xe-0/2/0.0 May 13 08:53:18 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:18.368269 proto lldp_transmit_pkt:- ifname xe-0/2/0.0 May 13 08:53:19 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:19.078233 proto lldp_transmit_pkt:- ifname em2.32768 lab@UBUNTU:/var/log/remote$
Let’s check the local syslog:
{master:0}[edit] root@QFX5100# run show log messages May 13 08:49:42 QFX5100 clear-log[20678]: logfile cleared May 13 08:50:01 QFX5100 mgd[20275]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none) May 13 08:50:02 QFX5100 mgd[20275]: UI_COMMIT_COMPLETED: commit complete May 13 08:50:25 QFX5100 sshd[20726]: Accepted keyboard-interactive/pam for labroot from 192.168.1.41 port 50475 ssh2 {master:0}[edit] root@QFX5100#
And we can find the same lines on the syslog server:
lab@UBUNTU:/var/log/remote$ sudo cat 192.168.158.176.log | grep -v REMOTE_TRACEOPTIONS May 13 08:50:01 192.168.158.176 mgd[20275]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none) May 13 08:50:02 192.168.158.176 mgd[20275]: UI_COMMIT_COMPLETED: commit complete May 13 08:50:25 192.168.158.176 sshd[20726]: Accepted keyboard-interactive/pam for labroot from 192.168.1.41 port 50475 ssh2 lab@UBUNTU:/var/log/remote$
I hope you found this article useful and let me know if you have any questions.
Paris ARAU
Latest posts by Paris ARAU (see all)
- Junos Fusion – Part IV – Satellite policies and uplink failure detection - 30 July 2018
- Junos Fusion – Part III – Satellite commands and traffic forwarding - 16 July 2018
- Junos Fusion – Part II – Configuration, Administration and Operation - 16 July 2018
- Junos Fusion – Part I – Overview, Components, Ports and Software - 11 July 2018
- Vagrant – Part IV – Network topology using Juniper and Cumulus - 26 April 2018
Comments
So empty here ... leave a comment!