[j-nsp] Best practice to manage log information
Scott Weeks
surfer at mauigateway.com
Fri Jun 20 17:04:06 EDT 2008
--------- benyds at gmail.com wrote: -------------
From: "Beny D Setyawan" <benyds at gmail.com>
Somehow my m-series hang and need to reboot. JTAC suspected that this is due
to harddisk busy, since there were so many log that write-erase to the
harddisk and suggested to reduce that process. Does anyone has information
what is the best practice on how to manage syslog severity on the Juniper
router? Which log should be send to syslog server and should be save also in
the router itself.
The goal is how to make the router healhty by reduce log of changing any
information on the router from harddisk on the routing-engine perspective.
But in the other hand we need the log information for the NMS.
-------------------------------------------------
I send everything to a *nix sysog server that I can (levels 0 - 7 are the range) w/o taxing the CPU too much and keep as little as possible on the router. That way I have everything I can to grep through when trouble occurs. Be sure to use the syslog.conf (logadm.conf in Solaris) to cut, zip and archive the logs daily, so there's not too much to grep through. Also, use "facility localN", where N is 0 - 7, to send the syslog entries to a particular directory, rather than /var/log/messages.
Here's how I do it in Solaris:
/var/log/router.log -C 100 -c -p 1d -t /var/log/old-router-logs/router.log.%m-%d-%Y -z 1 /var/log/router.log
scott
---------------------------------
More information about the juniper-nsp
mailing list