[j-nsp] R: Re: SRX monitor-interface question
dim0sal
dim0sal at hotmail.com
Wed Dec 18 00:39:40 EST 2013
I currently would like to have both traffic logs and local resource logs (systems syslog, routing syslog, snmp, etc) in the device we re able to reach.
We did management inband hence we re able to reach only through RG1.
Any idea?
Tks
Sent with Mobile
-------- Messaggio originale --------
Da: Fahad Khan <fahad.khan at gmail.com>
Data:
A: R S <dim0sal at hotmail.com>
Cc: Asad Raza <asadgardezi at gmail.com>,juniper-nsp at puck.nether.net
Oggetto: Re: [j-nsp] SRX monitor-interface question
SRX (High end) by default keeps logs on data plane and they have to be forwarded to any external syslog
http://kb.juniper.net/InfoCenter/index?page=content&id=KB16506
however from Junos 10 perhaps you can copy them from data plane to control plane if you want to see them on console.
Muhammad Fahad Khan
JNCIE-M # 756
Lead Network and Security Consultant - IBM
+92-301-8247638
Skype: fahad-ibm
http://pk.linkedin.com/in/muhammadfahadkhan
On Fri, Dec 13, 2013 at 7:28 PM, R S <dim0sal at hotmail.com> wrote:
The only part missing will remain local control plane resources (ie logs, snmp, etc) that remain on RG0 secondary.
Am I right ?
Date: Fri, 13 Dec 2013 14:58:46 +0300
Subject: Re: [j-nsp] SRX monitor-interface question
From: asadgardezi at gmail.com
To: dim0sal at hotmail.com
CC: fahad.khan at gmail.com; juniper-nsp at puck.nether.net
Reffer data plane on following:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB16224
Asad
On Friday, December 13, 2013, R S wrote:
how can I config syslog/traffic log directly from data plane ?
some config example ?
tks
Date: Fri, 13 Dec 2013 14:51:58 +0300
Subject: Re: [j-nsp] SRX monitor-interface question
From: asadgardezi at gmail.com
To: dim0sal at hotmail.com
CC: fahad.khan at gmail.com; juniper-nsp at puck.nether.net
Its not recommended to use control plane for traffic logs, you can configure sex to forward traffic logs directly from data plane
RG0 aka control plane controls your rotuing engine, routing protocols and chassis. Failing it over will cause your routing daemon to restart , routing protocols to reconverge and so on...
Asad
On Friday, December 13, 2013, R S wrote:
And what about syslog or firewall traffic logging flows on the RG1 Active node if RG0 remain active on the Passive ?
Date: Fri, 13 Dec 2013 16:34:53 +0500
Subject: Re: [j-nsp] SRX monitor-interface question
From: fahad.khan at gmail.com
To: dim0sal at hotmail.com
CC: juniper-nsp at puck.nether.net
RG0 only contains Control Plane or REs.
In SRX failover, its not necessary to failover RG0 when there is a failover in RG1 due to a link failure. So we only do interface-monitor in RG1, RG2 ... not in RG0. RG0 already run in A/P mode.
It can be possible that SRX B is Primary in RG0 while Secondary in RG1 (means SRX A is Primary in RG 1)
Muhammad Fahad Khan
JNCIE-M # 756
Lead Network and Security Consultant - IBM
+92-301-8247638
Skype: fahad-ibm
http://pk.linkedin.com/in/muhammadfahadkhan
On Fri, Dec 13, 2013 at 2:07 PM, R S <dim0sal at hotmail.com> wrote:
Hi
In an SRX5800 cluster
A/P deployment, does anybody recommend to monitor-interface also on RG0 or not
?
PRO ? CONS ?
We did it but
unfortunately during an SPU crash the RG0 didn’t switch properly and JTAC told us it’s
not recommended monitor-interface under RG0 in same corner case…
Any experience to share
is useful
Tks
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list