Recently I placed a switch for a project. And now I want to see how often the switch is used by wired users. Lets for argument sake asume interface bounce is not handled by the standard log files.
Juniper provides a a way to create a logfile for your specific needs. Only thing you need to do is create a regular expression to catch the event. Interface bounce events are recognized by the keyword “ifOperStatus”
set system syslog file interface-logs any any
set system syslog file interface-logs match ifOperStatus
set system syslog file interface-logs archive size 500k
set system syslog file interface-logs archive files 20
- File name is defined by file interface-logs
- Filter is defined by match ifOperStatus
- Archive size is defined by archive size 500k
- and archive history is defined by archive files 20
This does the trick,. But an interface up event results is two log entries. One for the interface and one for the attached vlan subinterface.
ninja@juniper-ex3400> show log interface-logs | trim 25 juniper-ex3400 mib2d[15326]: SNMP_TRAP_LINK_DOWN: ifIndex 665, ifAdminStatus up(1), ifOperStatus down(2), ifName xe-0/2/0 juniper-ex3400 mib2d[15326]: SNMP_TRAP_LINK_UP: ifIndex 665, ifAdminStatus up(1), ifOperStatus up(1), ifName xe-0/2/0 juniper-ex3400 mib2d[15326]: SNMP_TRAP_LINK_UP: ifIndex 666, ifAdminStatus up(1), ifOperStatus up(1), ifName xe-0/2/0.0
A nice to have would be to filter out the vlan subinterfaces. The solution I came up with is replace the match statement with;
set system syslog file interface-logs match "ifOperStatus[ 0-9a-zA-Z(),-/]{1,}\/[0-9]{1,}$"
Now you only have one down notification and one up notification.Configuration looks like ;
set system syslog file interface-logs any any
set system syslog file interface-logs match "ifOperStatus[ 0-9a-zA-Z(),-/]{1,}\/[0-9]{1,}$"
set system syslog file interface-logs archive size 500k
set system syslog file interface-logs archive files 20
Et voila… you have created a logfile for your own specific purpose. The only problem I experience is creating a propper regexp to catch the log message. Luckily there are some tools available on the internet such as www.regexp101.com which you can use to test run your rexexp skills.
Network Ninja 
Hi,
Do you still strive to become a Networking Ninja?
I’m intrested to hear about your progress. Where are you now in the networking world, what progress have you made in the last 2-3 years?
Thanks for some intresting reads in this blogg.
Hi Kal, yes I still want to become a network ninja. Now even more than 20 years ago. I see a shift in knowledge/expertise fields a network engineer must have. One must have scripting knowledge, have a focus on security. And in regard of scripting you have to be able to provide scripts that scale well to larger size networks.
Last couple of years I didn’t make the progress that I wanted to. But now, I am ready to incorporate document the things that I learn into this site.
Next steps in certification are JNCIA, JNCDA. In scripting I will go more in depth of expect/tcl.