Sending Junos traceoptions to a syslog server

We discussed in this post how to enable remote tracing on Junos. The problem is that the feature can be enabled only for some specific processes.

There is another way to send any traceoptions file to a syslog server. It is not a Junos-specific feature, but a combination of Junos and Linux/Unix features.

Let’s see this in action.

You want to send the LLDP traceoptions to a syslog server:

 

{master:0}[edit]
root@QFX5100# show protocols lldp
traceoptions {
 file LLDP.log;
 flag all;
}
interface all;

{master:0}[edit]
root@QFX5100#

 

This is the syslog configuration on Junos. As you can see, both local syslog and remote syslog have the same logging level:

 

{master:0}[edit]
root@QFX5100# show system syslog
user * {
 any emergency;
}
host 192.168.158.253 {
 any notice;
 authorization info;
 port 20514;
}
file messages {
 any notice;
 authorization info;
 match "!.*REMOTE_TRACEOPTIONS.*";
}
file interactive-commands {
 interactive-commands any;
}

{master:0}[edit]
root@QFX5100#

 

You have probably noticed that the local messages file will not record any entry containing “REMOTE_TRACEOPTIONS”. You will see shortly what this is used for. The string itself is arbitrary; pick one that makes sense for you.

Next, we will continuously read the LLDP traceoptions file and then send the output to the local syslog with the “REMOTE_TRACEOPTIONS” string:

 

root@QFX5100:RE:0% tail -F /var/log/LLDP.log | logger -t REMOTE_TRACEOPTIONS&
[1] 20243 20244
root@QFX5100:RE:0%

 

Although we are sending the content of the LLDP traceoptions file to the local syslog, it will not be written locally, because we specified that any line containing “REMOTE_TRACEOPTIONS” is excluded from the messages file.

However, because there is no such restriction for the syslog server, all the content will be sent there.

As a result, the syslog server receives both the regular syslog content and the traceoptions content (which carries the tag).

Let’s check the content of the LLDP traceoptions file:

 

{master:0}[edit]
root@QFX5100# run show log LLDP.log | last 10
May 13 08:53:03.905149 proto LLDP packet got added to rx queue for ifl et-0/0/2.0
May 13 08:53:08.497040 proto LLDP packet got added to rx queue for ifl et-0/0/0.0
May 13 08:53:11.375877 proto lldp_transmit_pkt:- ifname xe-0/2/3.0
May 13 08:53:12.239856 proto lldp_transmit_pkt:- ifname et-0/0/22.0
May 13 08:53:14.304294 proto lldp_transmit_pkt:- ifname et-0/0/2.0
May 13 08:53:16.984273 proto lldp_transmit_pkt:- ifname xe-0/2/1.0
May 13 08:53:16.995430 proto LLDP packet got added to rx queue for ifl xe-0/2/2.0
May 13 08:53:17.061344 proto LLDP packet got added to rx queue for ifl xe-0/2/0.0
May 13 08:53:18.368269 proto lldp_transmit_pkt:- ifname xe-0/2/0.0
May 13 08:53:19.078233 proto lldp_transmit_pkt:- ifname em2.32768

{master:0}[edit]
root@QFX5100#

 

On the syslog server, we can see the same lines, each with the “REMOTE_TRACEOPTIONS” tag:

 

lab@UBUNTU:/var/log/remote$ sudo cat 192.168.158.176.log | tail -10
May 13 08:53:03 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:03.905149 proto LLDP packet got added to rx queue for ifl et-0/0/2.0
May 13 08:53:08 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:08.497040 proto LLDP packet got added to rx queue for ifl et-0/0/0.0
May 13 08:53:11 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:11.375877 proto lldp_transmit_pkt:- ifname xe-0/2/3.0
May 13 08:53:12 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:12.239856 proto lldp_transmit_pkt:- ifname et-0/0/22.0
May 13 08:53:14 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:14.304294 proto lldp_transmit_pkt:- ifname et-0/0/2.0
May 13 08:53:16 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:16.984273 proto lldp_transmit_pkt:- ifname xe-0/2/1.0
May 13 08:53:16 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:16.995430 proto LLDP packet got added to rx queue for ifl xe-0/2/2.0
May 13 08:53:17 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:17.061344 proto LLDP packet got added to rx queue for ifl xe-0/2/0.0
May 13 08:53:18 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:18.368269 proto lldp_transmit_pkt:- ifname xe-0/2/0.0
May 13 08:53:19 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:19.078233 proto lldp_transmit_pkt:- ifname em2.32768
lab@UBUNTU:/var/log/remote$

 

Let’s check the local syslog:

 

{master:0}[edit]
root@QFX5100# run show log messages
May 13 08:49:42 QFX5100 clear-log[20678]: logfile cleared
May 13 08:50:01 QFX5100 mgd[20275]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
May 13 08:50:02 QFX5100 mgd[20275]: UI_COMMIT_COMPLETED: commit complete
May 13 08:50:25 QFX5100 sshd[20726]: Accepted keyboard-interactive/pam for labroot from 192.168.1.41 port 50475 ssh2

{master:0}[edit]
root@QFX5100#

 

And we can find the same lines on the syslog server:

 

lab@UBUNTU:/var/log/remote$ sudo cat 192.168.158.176.log | grep -v REMOTE_TRACEOPTIONS
May 13 08:50:01 192.168.158.176 mgd[20275]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
May 13 08:50:02 192.168.158.176 mgd[20275]: UI_COMMIT_COMPLETED: commit complete
May 13 08:50:25 192.168.158.176 sshd[20726]: Accepted keyboard-interactive/pam for labroot from 192.168.1.41 port 50475 ssh2
lab@UBUNTU:/var/log/remote$
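An added example (not part of the original article): a small script for the syslog server that splits the per-host file into forwarded traceoptions lines and ordinary syslog lines by comparing the tag field exactly, rather than with `grep -v`, which also hides any ordinary message that merely mentions the string. The function names and the last sample line are constructed for illustration; the other sample lines follow the output shown above.

```shell
#!/bin/sh
# Added example: demultiplex a per-host syslog file on the collector.
TAG="REMOTE_TRACEOPTIONS"   # the tag given to `logger -t` on the switch

# Constructed sample input in the format shown in the article. The last
# line is an ordinary mgd message whose text happens to contain the tag.
sample_log() {
cat <<'EOF'
May 13 08:50:01 192.168.158.176 mgd[20275]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
May 13 08:53:03 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:03.905149 proto LLDP packet got added to rx queue for ifl et-0/0/2.0
May 13 08:53:11 192.168.158.176 REMOTE_TRACEOPTIONS: May 13 08:53:11.375877 proto lldp_transmit_pkt:- ifname xe-0/2/3.0
May 13 08:50:25 192.168.158.176 sshd[20726]: Accepted keyboard-interactive/pam for labroot from 192.168.1.41 port 50475 ssh2
May 13 08:55:00 192.168.158.176 mgd[20275]: UI_COMMIT: User 'root' requested 'commit' operation (comment: test REMOTE_TRACEOPTIONS)
EOF
}

# Recover the original traceoptions lines. Field 5 of the collector's line
# (month, day, time, host, tag) must equal "TAG:" exactly. The five header
# fields are then stripped, which keeps the microsecond timestamp that
# Junos wrote into the trace file.
trace_lines() {
  awk -v tag="$TAG:" '$5 == tag {
    for (i = 0; i < 5; i++) sub(/^[^ ]+ +/, "")
    print
  }'
}

# Everything that was not forwarded by the tail | logger pipeline.
regular_lines() {
  awk -v tag="$TAG:" '$5 != tag'
}

# Count forwarded trace lines per interface (last field of each trace line).
trace_per_interface() {
  trace_lines | awk '{ n[$NF]++ } END { for (k in n) print n[k], k }' | sort -k2
}

# Stand-alone use: ./split.sh /var/log/remote/192.168.158.176.log
if [ -n "${1:-}" ]; then
  trace_lines < "$1"
fi
```
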

 

I hope you found this article useful and let me know if you have any questions.

 

Paris ARAU

Paris ARAU is a networking professional with a strong background in routing and switching technologies. He holds CCIE R&S and dual JNCIE (SP and ENT) certifications. His day-to-day work allows him to dive deeply into networking technologies. As part of his continuous training, he is focusing on Software Defined Networking and cloud computing.
