[j-nsp] SRX3600 - Session Logs
Mark Menzies
mark at deimark.net
Sun Dec 2 11:28:07 EST 2012
Yup there is.
As the high end boxes do all the processing for the firewalling/VPN/IDP etc
on the SPCs, we can set the logs to be sent from teh SPC instead of being
passed across to the RE.
Basically a high end SRX can create more logs than the RE can handle so we
send logs via stream mode to the syslog/STRM box.
Basic config is below
mark at vodkila> show configuration security log
mode stream;
format sd-syslog;
source-address 10.1.1.1;
stream securitylog {
category all;
host {
10.1.1.26;
port 514;
}
}
Where the host is the syslog server and the source-address is to ensure
that the traffic leaves from correct interface/routing-instance
On 1 December 2012 14:58, Giuliano Medalha <giuliano at wztech.com.br> wrote:
> People,
>
> Does anyone could set log information about sessions using SRX36xx boxes ?
>
> Could you please send this information for me ?
>
> We have tried to use the following syslog config:
>
> user at host# *set system syslog file traffic-log any any*
> user at host# *set system syslog file traffic-log match "RT_FLOW_SESSION"
>
>
> But it is not working.
>
> There is some special way to do it using high end boxex ?
>
> Thanks a lot,
>
> Giuliano
> *
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list