Resolving Storage and Log Issues on Juniper SRX Devices
Introduction
Juniper SRX firewalls are widely used for enterprise and branch security, but even robust platforms like the SRX can run into issues with disk space and log management. If the /var partition fills up, you may see critical alarms, loss of log data, or even failures during configuration commits.
In this article, we’ll walk through the most common storage and log problems on Juniper SRX, how to diagnose them, and proven methods to resolve issues—based on real-world troubleshooting.
1. Understanding SRX Storage Layout
SRX devices have a partitioned file system, where /var is used for system logs and temporary files.
When /var runs out of space, symptoms include:
- Chassis alarms (red LED or CLI warning)
- Inability to write or rotate log files
- Failed upgrades or configuration commits
To check current storage usage:
show system storage
or
file list /var/log detail
Example output:
Filesystem Size Used Avail Capacity Mounted on /dev/gpt/junos 1.3G 915M 341M 73% /.mount tmpfs 921M 8.0K 921M 0% /.mount/tmp ...
2. Diagnosing a Full /var Partition
2.1. List Large Files and Directories
To find what’s eating up space:
file list /var/log detail
Look for very large .gz or .log files.
You can also SSH in and use:
ls -lh /var/log/
2.2. Common Offenders
messagesandmessages.*.gz(rotated system logs)security.loginteractive-commands.log- Core dumps or crash logs
3. Safely Clearing Space
Note: Only delete logs you don’t need for compliance or troubleshooting!
3.1. Delete Old or Large Log Files
Example (delete all compressed rotated logs):
file delete /var/log/*.gz
Or more specifically:
file delete /var/log/messages.1.gz file delete /var/log/security.1.gz
3.2. Remove Old Core Dumps
Core dumps (crash files) can also be deleted:
file delete /var/tmp/*core*
3.3. Restart Logging Service (optional)
If logs were stuck or not rotating:
restart log
4. Preventing Future Issues
4.1. Configure Log Rotation
By default, SRX rotates logs, but you can customize the number and size:
set system syslog file messages any info size 1m files 5
This keeps only 5 files of 1MB each.
4.2. External Syslog
For compliance and more storage, send logs to an external syslog server:
set system syslog host 192.168.1.100 any info
5. Clearing the Chassis Alarm
After resolving storage issues, sometimes a chassis alarm (red light) stays active until you acknowledge or clear it.
To check alarms:
show chassis alarms
To clear alarms:
- For many cases, fixing the root cause (disk space) auto-clears the alarm within a few minutes.
- If not, you may need to reboot the device, or on some JunOS versions:
clear chassis alarms
Note: Not all alarms can be cleared manually; persistent hardware alarms require resolving the underlying issue.
6. Troubleshooting Example: Step-by-Step
Scenario:
SRX reports a storage alarm, /var is full, config commits start failing.
Steps:
- Run
show system storageand identify that/varis >90% full. - List log files:
file list /var/log detail - Delete old logs:
file delete /var/log/*.gz - Remove core dumps:
file delete /var/tmp/*core* - Check
show chassis alarms
– Wait a few minutes for the alarm to clear
– If still present after resolving space, consider rebooting during a maintenance window
7. Useful Commands Reference
show system storage show chassis alarms file list /var/log detail file delete /var/log/*.gz file delete /var/tmp/*core* restart log set system syslog file messages any info size 1m files 5 set system syslog host <syslog-server> any info
Conclusion
Storage and log issues on Juniper SRX devices are common, especially in long-running or heavily-logged environments. By regularly monitoring storage, tuning log rotation, and exporting logs off-box, you can keep your SRX stable and alarm-free.
This guide is based on practical troubleshooting—feel free to bookmark it for the next time you see that red alarm LED!