Michael, just for reference, I wanted to parse out RPM probe data out of messages and put into a separate file, and did it in a similar fashion. I did this a while back so I can't remember if I had to use a period in the regex or not, but depending on the message info, you certainly might need to.
file messages { any any; authorization info; match "!(.*rmopd.*)"; } file rpmtest.log { any any; match .*rmopd.*; } -Jeff ________________________________________ From: juniper-nsp-boun...@puck.nether.net [juniper-nsp-boun...@puck.nether.net] On Behalf Of O'Connor, Michael [michael.ocon...@txstate.edu] Sent: Tuesday, January 12, 2010 8:00 AM To: juniper-nsp@puck.nether.net Subject: [j-nsp] JunOS Syslog / Excluding Messages Greetings, The following notifications have/had for some time filled my syslog messages file, and according to JTAC (after several cases) are kernel messages that can be ignored and were fixed in JunOS 10.x: Nov 13 03:00:14 VC_2_Bottom /kernel: RT_PFE: RT msg op 1 (PREFIX ADD) failed, err 5 (Invalid) Nov 13 03:00:14 VC_2_Bottom fpc2 RT-HAL,rt_entry_add_msg_check,989: unknown vlan index 1 Nov 13 03:00:20 VC_2_Bottom fpc2 RT-HAL,rt_entry_add_msg_check,989: unknown vlan index 1 Nov 13 03:00:20 VC_2_Bottom /kernel: RT_PFE: RT msg op 1 (PREFIX ADD) failed, err 5 (Invalid) Nov 13 03:00:20 VC_2_Bottom /kernel: RT_PFE: RT msg op 1 (PREFIX ADD) failed, err 5 (Invalid) Nov 13 03:00:20 VC_2_Bottom fpc3 RT-HAL,rt_entry_add_msg_check,989: unknown vlan index 1 Nov 13 03:00:22 VC_2_Bottom fpc2 RT-HAL,rt_entry_add_msg_check,989: unknown vlan index 1 Without the luxury or want of a code upgrade (due to buggy virtual-chassis code) I'm left with trying to parse the unwanted messages. (We're running code that is unaffected by the recently released security bulletin) The following config line was provided by JTAC to alleviate those particular messages to no avail: #set system syslog file messages match <"!*RT-HAL,rt_msg_handler,403: route check failed* | *RT_PFE: RT msg* | *RT-HAL,rt_entry_add_msg_check*" I've left the devices with the following configured, and thought I had resolved the problem until some planned maintenance that should have generated some log messages did not populate. Turns out this has killed any notifications to the file. file messages { any notice; authorization info; match "<!*rt_msg_handler*|<!*rt_entry_add_msg_check*|<!*RT msg op*"; } Curious if anyone can point me in the right direction with a regexp that will kill the unwanted messages, and/or if anyone has experienced similar issues. Thanks, Michael _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp