[j-nsp] SRX 5800 Cluster - Only primary firewall sends security logs

Ahmed -Y yhameed81 at gmail.com
Wed Oct 9 10:02:11 EDT 2013


Hello Guys,

I have two SRX 5800 firewalls in cluster active-active mode, so both
firewalls carry the sessions. I configured security logs to be sent to a
syslog server (precisely STRM); the config is below.

security {
    log {
        mode stream;
        format sd-syslog;
        source-address <Master-Only IP>;
        stream security-logs {
            category all;
            host {
                <STRM/SYSLog server IP>;
                port 514;
            }
        }
    }
}

I have recently noticed that only the primary firewall sends logs. If a
session closes on the primary firewall, the log gives the reason for the
session closure, like TCP FIN, RST, Timeout etc., but if the session closes
on the secondary firewall, the reason in the log shows HA, so I can't see why
the session was closed. Am I missing anything in the configuration? I will be
thankful if you give your thoughts on it.

Regards

