[j-nsp] Best practice to manage log information

Beny D Setyawan benyds at gmail.com
Sat Jun 21 12:33:44 EDT 2008


Hi Alain,

My router basically use bellow configuration for the system syslog.

syslog {
    user * {
        any emergency;
    }
    host 10.xxx.xxx.xxx { 	### to syslog server ###
        any any;
        authorization any;
        interactive-commands any;
    }
    file messages {
        authorization info;
        daemon any;
        kernel any;
        user any;
        pfe any;
        interactive-commands critical;
    }
    file log_config_user {
        authorization any;
        interactive-commands any;
        archive size 5m files 5 world-readable;
    }
    file new_log {
        any notice;
        authorization info;
        daemon any;
        kernel any;
        archive size 10m files 5;
    }
    source-address 10.xxx.xxx.x;
}

What I'm trying to do is removing log_config_user and new_log and send it to
syslog, also change the configuration of file messages. But in mpls
protocols, we used auto-bandwidth mechanism with file mpls_statistic on it.
Mpls_statistic file changes every 5 minutes and saved it into the harddisk
also making the harddisk doing write-erase. I'm not sure that mpls_statistic
need to be change also based on trends of the traffic itself on the mpls
network. What still out of my mind is the root caused that making harddisk
busy, is it the syslog or mpls_statistic and I'm sure that harddisk working
every time just like others harddsik.


Thanks,
Beny D Setyawan

-----Original Message-----
From: alain.briant at bt.com [mailto:alain.briant at bt.com] 
Sent: Friday, June 20, 2008 7:37 PM
To: benyds at gmail.com; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] Best practice to manage log information

Hi Beny

I believe the best Start is the default syslog config of JUNOS:

system {
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}

After that you can add, as new target, the syslog server and add some more
traces but carefully.

You must keep in mind that for local logs (on the hard disk) if you see your
log files rotating too fast (I mean if your files with the default size and
number do not cover more than One week of time) they will be useless.

Regarding the trace-options you must be careful also with some "flag all"
statements that are writing on the disk a hudge amount of data.

We've had sometimes some M series hanged because of some heavy traces.

First thing so is to have a quick look at your log files:
"Show log ?" 
If you see some of them that are rotating too fast, start removing some
traces leading that.

Hope this help

Alain


-----Message d'origine-----
De : juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] De la part de Beny D Setyawan
Envoyé : vendredi 20 juin 2008 13:30
À : juniper-nsp at puck.nether.net
Objet : [j-nsp] Best practice to manage log information

Hi List,

 

Somehow my m-series hang and need to reboot. JTAC suspected that this is due
to harddisk busy, since there were so many log that write-erase to the
harddisk and suggested to reduce that process. Does anyone has information
what is the best practice on how to manage syslog severity on the Juniper
router? Which log should be send to syslog server and should be save also in
the router itself.

The goal is how to make the router healhty by reduce log of changing any
information on the router from harddisk on the routing-engine perspective.
But in the other hand we need the log information for the NMS.

 

Thanks & Rgds,

Beny D Setyawan

 

 

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list