System logging, or syslog, is a commonly implemented standard for managing and monitoring devices in a network. In many ways, syslog behaves similarly to SNMP traps. When specific events occur, syslog triggers messages that are logged on the local chassis and that are typically also sent to a syslog server. While syslog does have a number of recognized limitations, it is appropriate for multivendor environments because it is standardized by the Internet Engineering Task Force (IETF) and is widely supported among network hardware vendors.
In a JUNOS system, logs can be stored on the local chassis, written to the screen of an active user, or written to a remote device. In the following configuration sample, user Pike_Vaughn sees syslog messages of facility any and severity info on his screen when he is logged into the chassis. The host machine at 192.168.17.17 receives system log notices sourced from IP address 10.0.0.5.
As with SNMP, defining the source IP is critical because many syslog servers filter entries based on their source. Defining the source IP is also necessary if you use event correlation tools to parse and analyze entries written to a syslog server. Without a specified source-address, the outbound interface is used as the source of the syslog messages sent back to the server. Depending on what form of management is used (in-band versus OoB), that OoB interface could potentially change in times of network trouble:
[edit system syslog] ...
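The collector-side effect described above, as an added example that is not from the original text: a syslog server attributes each datagram to a device by its source IP, so a message from the same router arriving from a different interface address is not credited to it. The device name r1, the address 172.16.1.2, and the log lines are constructed for illustration; 10.0.0.5 is the source address from the text.

```python
import re
from collections import defaultdict

# Inventory the collector filters on: expected source IP -> device name.
# 10.0.0.5 comes from the text; the name "r1" is a hypothetical label.
EXPECTED_SOURCES = {"10.0.0.5": "r1"}

# BSD-style syslog line: <PRI>Mmm dd hh:mm:ss hostname message
SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")


def decode_pri(pri):
    """Split a PRI value into (facility, severity): PRI = facility * 8 + severity."""
    return divmod(pri, 8)


def ingest(datagrams):
    """Attribute (source_ip, payload) pairs to devices by source IP.

    Returns (accepted, rejected). accepted maps device name to parsed events;
    rejected holds datagrams that are malformed or from an unknown source IP.
    """
    accepted, rejected = defaultdict(list), []
    for src_ip, payload in datagrams:
        match = SYSLOG_RE.match(payload)
        device = EXPECTED_SOURCES.get(src_ip)
        if match is None or device is None:
            rejected.append((src_ip, payload))
            continue
        facility, severity = decode_pri(int(match.group(1)))
        accepted[device].append({"facility": facility, "severity": severity,
                                 "host": match.group(3), "msg": match.group(4)})
    return dict(accepted), rejected


# Constructed sample. The first datagram uses the configured source address.
# The second is the same router after a path change with no source address
# set, so it carries the address of whichever interface it left through.
SAMPLE = [
    ("10.0.0.5", "<29>Mar  3 10:15:02 r1 example[100]: link ge-0/0/0 down"),
    ("172.16.1.2", "<29>Mar  3 10:15:09 r1 example[100]: link ge-0/0/0 up"),
]

if __name__ == "__main__":
    accepted, rejected = ingest(SAMPLE)
    print("accepted:", accepted)
    print("rejected:", rejected)
```

Both payloads name r1 in the hostname field, but only the first is credited to the device, which leaves a gap in its event timeline exactly when the network path changed.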