Is sending syslog from High End SRX (Data plane and Control Plane) supported over TCP instead of UDP? It would be preferable for ensured delivery of logs.
I think the TCP version of syslog is not supported by JunOS on HE devices. I have used the TCP syslog feature supported by Cisco IOS using Catalyst switches, and have also used it on ScreenOS.
syslog config "10.10.10.10" transport
However, a workaround can be a syslog-ng machine (which supports TCP syslogging) working as a syslog gateway, transforming UDP syslog to TCP syslog; i.e.
SRX -----<trust>--------- Syslog-ng ------<untrust>------ NMS
kind regards
I had the same question. Looks like Junos does not support TCP for system syslog, but supports TCP for security syslog only, see https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/transport-edit-security-log.html (seems to have some TLS support there as well): set security log transport protocol tcp.
For the TCP, I tried it; it seems to send the messages in some run-length encoded format (you could e.g. do a tcpdump/wireshark capture at the receiving end). It did not work with our use-case (sending the SRX syslogs to fluent-bit), as fluent-bit is not prepared to process this RLE format. I am not a syslog expert and do not have time to read syslog RFCs and implement changes to fluent-bit to be able to use the "Junos TCP format" (whether it is standard or not), so I fell back to UDP also for the security syslog for now.
From your post, I understand that you got the TCP format working for security syslog but the format is not suitable.
Can you check if fluent-bit can process the streams in any of these formats?
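Added example, not part of any post in this thread: a receiver-side deframer for syslog over TCP that could sit in front of a collector that only accepts one message per line. It assumes the sender uses one of the two framings described in RFC 6587 (a decimal length prefix, or LF-terminated messages); the thread does not confirm which framing Junos emits, and the class name and size cap are constructed for illustration.

```python
# Added example (not from the thread): incremental deframer for syslog over TCP.
# Assumption: the sender uses one of the two RFC 6587 framings.
MAX_LEN = 64 * 1024  # constructed safety cap on a single message


class SyslogDeframer:
    def __init__(self):
        self.buf = bytearray()

    def feed(self, data):
        """Add bytes read from the socket; return all complete messages."""
        self.buf += data
        out = []
        while self.buf:
            # RFC 6587: a frame starting with a digit is octet-counted,
            # otherwise (normally "<PRI>") it is terminated by LF.
            if self.buf[:1].isdigit():
                msg = self._octet_counted()
            else:
                msg = self._lf_terminated()
            if msg is None:      # frame incomplete, wait for more data
                break
            if msg:              # drop empty lines between frames
                out.append(msg)
        return out

    def _octet_counted(self):
        sp = self.buf.find(b" ", 0, 12)
        if sp == -1:
            if len(self.buf) >= 12:
                raise ValueError("length prefix without delimiter")
            return None
        prefix = bytes(self.buf[:sp])
        if not prefix.isdigit() or not 0 < int(prefix) <= MAX_LEN:
            raise ValueError("bad length prefix %r" % prefix)
        end = sp + 1 + int(prefix)
        if len(self.buf) < end:
            return None
        msg = bytes(self.buf[sp + 1:end])
        del self.buf[:end]
        return msg

    def _lf_terminated(self):
        nl = self.buf.find(b"\n")
        if nl == -1:
            if len(self.buf) > MAX_LEN:
                raise ValueError("unterminated message exceeds cap")
            return None
        msg = bytes(self.buf[:nl])
        del self.buf[:nl + 1]
        return msg
```

Call `feed()` with each chunk returned by `recv()`; messages that span TCP segments are held until complete, and a length prefix above the cap raises instead of buffering without limit.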