Juniper JunOS appliances can produce syslog event messages based on the following format.

[syslog header] TAG [junos@xxx key-value pairs] message-text

• TAG is a string comprised of a category prefix and a log id suffix in the form of prefix_suffix (e.g. RT_FLOW_SESSION_CLOSE, where the category is RT and the log id is FLOW_SESSION_CLOSE).
• key-value pairs : key-value pairs are specific to each category/log id and they contain general information about the event.
• message-text : Message text is a string sentence that provides additional event information in human readable form. The string’s structure is based on the associated TAG.

For a complete list of possible messages and the meaning of each, please refer to JunOS System Log Messages Reference

For a complete list of possible fields in each message, please refer to Juniper’s Syslog Explorer

Currently supported log IDs
FLOW_SESSION_CLOSE
FLOW_SESSION_DENY
FLOW_SESSION_CREATE
FLOW_REASSEMBLE_SUCCEED
FLOW_REASSEMBLE_FAIL
SSHD_LOGIN_FAILED
SSHD_LOGIN_ATTEMPTS_THRESHOLD