[j-nsp] Best practice to manage log information
Erdem Sener
erdems at gmail.com
Sat Jun 21 12:47:37 EDT 2008
Hi Beny,
You're logging 'kernel any' two times in your config (both 'messages'
and 'new_log').
I'm not sure if you would really need 'kernel any', 'pfe any'
locally, maybe you'd like to move those statements to syslog server?
HTH
Erdem
On Sat, Jun 21, 2008 at 6:33 PM, Beny D Setyawan <benyds at gmail.com> wrote:
> Hi Alain,
>
> My router basically uses the configuration below for the system syslog.
>
> syslog {
>     user * {
>         any emergency;
>     }
>     host 10.xxx.xxx.xxx { ### to syslog server ###
>         any any;
>         authorization any;
>         interactive-commands any;
>     }
>     file messages {
>         authorization info;
>         daemon any;
>         kernel any;
>         user any;
>         pfe any;
>         interactive-commands critical;
>     }
>     file log_config_user {
>         authorization any;
>         interactive-commands any;
>         archive size 5m files 5 world-readable;
>     }
>     file new_log {
>         any notice;
>         authorization info;
>         daemon any;
>         kernel any;
>         archive size 10m files 5;
>     }
>     source-address 10.xxx.xxx.x;
> }
>
> What I'm trying to do is remove log_config_user and new_log and send them to
> syslog, and also change the configuration of file messages. But in the mpls
> protocols, we used the auto-bandwidth mechanism with file mpls_statistic on it.
> The mpls_statistic file changes every 5 minutes and is saved to the harddisk,
> also making the harddisk do write-erase. I'm not sure whether mpls_statistic
> needs to be changed as well, based on trends of the traffic itself on the mpls
> network. What is still out of my mind is the root cause that is making the harddisk
> busy, is it the syslog or mpls_statistic, and I'm sure that the harddisk is working
> all the time just like other harddisks.
>
>
> Thanks,
> Beny D Setyawan
>
> -----Original Message-----
> From: alain.briant at bt.com [mailto:alain.briant at bt.com]
> Sent: Friday, June 20, 2008 7:37 PM
> To: benyds at gmail.com; juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] Best practice to manage log information
>
> Hi Beny
>
> I believe the best start is the default syslog config of JUNOS:
>
> system {
>     syslog {
>         user * {
>             any emergency;
>         }
>         file messages {
>             any notice;
>             authorization info;
>         }
>         file interactive-commands {
>             interactive-commands any;
>         }
>     }
> }
>
> After that you can add, as new target, the syslog server and add some more
> traces but carefully.
>
> You must keep in mind that for local logs (on the hard disk) if you see your
> log files rotating too fast (I mean if your files with the default size and
> number do not cover more than one week of time) they will be useless.
>
> Regarding the trace-options you must also be careful with some "flag all"
> statements that write a huge amount of data to the disk.
>
> We've sometimes had some M series hang because of some heavy traces.
>
> So the first thing is to have a quick look at your log files:
> "show log ?"
> If you see some of them that are rotating too fast, start removing some
> traces leading to that.
>
> Hope this helps
>
> Alain
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On behalf of Beny D Setyawan
> Sent: Friday 20 June 2008 13:30
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Best practice to manage log information
>
> Hi List,
>
> Somehow my m-series hung and needed a reboot. JTAC suspected that this is due
> to the harddisk being busy, since there were so many logs doing write-erase to the
> harddisk, and suggested reducing that process. Does anyone have information on
> what the best practice is for managing syslog severity on the Juniper
> router? Which logs should be sent to the syslog server and should also be saved on
> the router itself?
>
> The goal is how to make the router healthy by reducing the logging of changing
> information on the router from the harddisk, from the routing-engine perspective.
> But on the other hand we need the log information for the NMS.
>
> Thanks & Rgds,
>
> Beny D Setyawan
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
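
The overlap pointed out at the top of this message can be found mechanically. The Python below is an added example, not code from any poster in the thread or from Juniper: it parses the syslog stanza quoted above and lists every facility that lands in two or more local files, and whether a configured syslog host already receives it. It assumes that an explicit facility statement overrides `any` within one destination; the function names are illustrative.

```python
import re

# Junos severities, most to least severe; a selector logs its level and above.
SEVERITY = ["emergency", "alert", "critical", "error", "warning", "notice", "info", "any"]

# Constructed input: the stanza quoted in the thread, several statements per line.
CONFIG = """
syslog {
    host 10.xxx.xxx.xxx {   ### to syslog server ###
        any any; authorization any; interactive-commands any;
    }
    file messages {
        authorization info; daemon any; kernel any; user any; pfe any;
        interactive-commands critical;
    }
    file log_config_user {
        authorization any; interactive-commands any;
        archive size 5m files 5 world-readable;
    }
    file new_log {
        any notice; authorization info; daemon any; kernel any;
        archive size 10m files 5;
    }
}
"""

def destinations(config, kind):
    """Map each `kind NAME { ... }` block to its {facility: severity} selectors."""
    blocks = re.findall(r"\b%s\s+(\S+)\s*\{([^{}]*)\}" % kind, re.sub(r"#.*", "", config))
    sel = re.compile(r"([\w-]+)\s+([\w-]+)\s*;")   # archive options fail the severity filter
    return {n: {f: s for f, s in sel.findall(b) if s in SEVERITY + ["none"]} for n, b in blocks}

def effective(selectors, facility):
    """Assumption: an explicit facility statement overrides `any` for that facility."""
    sev = selectors.get(facility, selectors.get("any"))
    return None if sev == "none" else sev

def duplicate_local_logging(config):
    """Facilities written to 2+ local files, and whether a remote host gets them too."""
    files, hosts = destinations(config, "file"), destinations(config, "host")
    report = {}
    for fac in sorted({f for sel in files.values() for f in sel} - {"any"}):
        hits = {n: effective(s, fac) for n, s in files.items() if effective(s, fac)}
        if len(hits) > 1:
            need = max(SEVERITY.index(s) for s in hits.values())
            remote = any(effective(h, fac) and SEVERITY.index(effective(h, fac)) >= need
                         for h in hosts.values())
            report[fac] = {"files": hits, "remote": remote}
    return report
```

For each facility in the report, `remote` is true when a syslog host already receives it at least as verbosely as the most verbose local file, which marks the local copies as candidates for trimming.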