[j-nsp] how to send SRX240 traffic/session logs to syslog server

Aaron Gould aaron1 at gvtc.com
Mon Jun 19 15:45:56 EDT 2017


I'm trying to send SRX240 traffic/session logs to a syslog server... I have
some system messages going to the syslog server, but not the session/traffic
logs.  What do I need to do?

....I'll show you some info from the syslog stanza....let me know if you
need to see anything else...

 

{primary:node0}
aaron.gould@HQ_A> show configuration system syslog | display set
set system syslog host 10.51.16.9 any any
set system syslog file policy_session user info
set system syslog file policy_session match RT_FLOW
set system syslog file policy_session archive size 5120000
set system syslog file policy_session archive files 5
set system syslog file policy_session archive world-readable
set system syslog file policy_session structured-data
set system syslog file traffic-log any any
set system syslog file traffic-log match RT_FLOW_SESSION
set system syslog file traffic-log archive size 5120000
set system syslog file traffic-log archive files 5
set system syslog file traffic-log archive world-readable
set system syslog file traffic-log structured-data
set system syslog source-address 1.2.3.4

{primary:node0}

 

**** these messages are seen on the syslog server at 1.2.3.4

Jun 19 14:37:15 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:15 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:15 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:20 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:25 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:25 HQ_A last message repeated 4 times
Jun 19 14:37:25 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:29 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:30 HQ_A mgd[9666]: UI_CMDLINE_READ_LINE: User 'aaron.gould', command 'show configuration system syslog | display set '
Jun 19 14:37:30 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:32 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:38 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:38 HQ_A last message repeated 4 times
Jun 19 14:37:41 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:41 HQ_A last message repeated 4 times
Jun 19 14:37:48 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:48 HQ_A last message repeated 2 times
Jun 19 14:37:48 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17
Jun 19 14:37:48 HQ_A HQ_A nh_walk_chek_max_num_tag: unexpected NH type 17

 

 

***** these are the local flows seen in the SRX240 cli that I would like to
see on the syslog server....

{primary:node0}
aaron.gould@HQ_A> show security flow session
node0:
--------------------------------------------------------------------------

Session ID: 216, Policy name: LAN_22bit_Browsing/9, State: Active, Timeout: 1794, Valid
  In: 10.0.2.165/61141 --> 52.112.66.235/443;tcp, If: reth0.0, Pkts: 2666, Bytes: 463076
  Out: 52.112.66.235/443 --> 2.4.6.8/62085;tcp, If: reth1.0, Pkts: 2736, Bytes: 1048146

Session ID: 248, Policy name: LAN_22bit_Browsing/9, State: Active, Timeout: 1772, Valid
  In: 10.0.3.116/57591 --> 65.52.108.227/443;tcp, If: reth0.0, Pkts: 8177, Bytes: 805754
  Out: 65.52.108.227/443 --> 2.4.6.8/54704;tcp, If: reth1.0, Pkts: 4105, Bytes: 775308

Session ID: 253, Policy name: LAN_22bit_Browsing/9, State: Active, Timeout: 1716, Valid
  In: 10.0.2.165/51076 --> 216.58.194.78/443;tcp, If: reth0.0, Pkts: 13, Bytes: 3632
  Out: 216.58.194.78/443 --> 2.4.6.8/55637;tcp, If: reth1.0, Pkts: 14, Bytes: 1489

Session ID: 303, Policy name: LAN_22bit_Browsing/9, State: Active, Timeout: 1784, Valid
  In: 10.0.2.72/51189 --> 52.112.66.235/443;tcp, If: reth0.0, Pkts: 5040, Bytes: 999840
  Out: 52.112.66.235/443 --> 2.4.6.8/57607;tcp, If: reth1.0, Pkts: 5393, Bytes: 2466530

 

 

 


