Michael, just for reference, I wanted to parse out RPM probe data out of
messages and put into a separate file, and did it in a similar fashion. I did
this a while back so I can't remember if I had to use a period in the regex or
not, but depending on the message info, you certainly might need to.
file messages {
any any;
authorization info;
match "!(.*rmopd.*)";
}
file rpmtest.log {
any any;
match .*rmopd.*;
}
-Jeff
________________________________________
From: juniper-nsp-boun...@puck.nether.net [juniper-nsp-boun...@puck.nether.net]
On Behalf Of O'Connor, Michael [michael.ocon...@txstate.edu]
Sent: Tuesday, January 12, 2010 8:00 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] JunOS Syslog / Excluding Messages
Greetings,
The following notifications have/had for some time filled my syslog messages
file, and according to JTAC (after several cases) are kernel messages that can
be ignored and were fixed in JunOS 10.x:
Nov 13 03:00:14 VC_2_Bottom /kernel: RT_PFE: RT msg op 1 (PREFIX ADD) failed,
err 5 (Invalid)
Nov 13 03:00:14 VC_2_Bottom fpc2 RT-HAL,rt_entry_add_msg_check,989: unknown
vlan index 1
Nov 13 03:00:20 VC_2_Bottom fpc2 RT-HAL,rt_entry_add_msg_check,989: unknown
vlan index 1
Nov 13 03:00:20 VC_2_Bottom /kernel: RT_PFE: RT msg op 1 (PREFIX ADD) failed,
err 5 (Invalid)
Nov 13 03:00:20 VC_2_Bottom /kernel: RT_PFE: RT msg op 1 (PREFIX ADD) failed,
err 5 (Invalid)
Nov 13 03:00:20 VC_2_Bottom fpc3 RT-HAL,rt_entry_add_msg_check,989: unknown
vlan index 1
Nov 13 03:00:22 VC_2_Bottom fpc2 RT-HAL,rt_entry_add_msg_check,989: unknown
vlan index 1
Without the luxury or want of a code upgrade (due to buggy virtual-chassis
code) I'm left with trying to parse the unwanted messages. (We're running code
that is unaffected by the recently released security bulletin)
The following config line was provided by JTAC to alleviate those particular
messages to no avail:
#set system syslog file messages match
<"!*RT-HAL,rt_msg_handler,403: route check failed* | *RT_PFE: RT msg* |
*RT-HAL,rt_entry_add_msg_check*"
I've left the devices with the following configured, and thought I had resolved
the problem until some planned maintenance that should have generated some log
messages did not populate. Turns out this has killed any notifications to the
file.
file messages {
any notice;
authorization info;
match "<!*rt_msg_handler*|<!*rt_entry_add_msg_check*|<!*RT msg op*";
}
Curious if anyone can point me in the right direction with a regexp that will
kill the unwanted messages, and/or if anyone has experienced similar issues.
Thanks,
Michael
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
