SRX

Expand all | Collapse all

Viewing SRX Policy Logs

Jump to Best Answer
  • 1.  Viewing SRX Policy Logs

    Posted 10-08-2014 11:16

    On the SRX firewalls, you can copy the policy logs off of the firewall, but I think they are tar.gz files.  Is there any way to view them other than through the SRX CLI, GUI, or a syslog server?

     

    Regards,



  • 2.  RE: Viewing SRX Policy Logs
    Best Answer

     
    Posted 10-11-2014 05:36

    There is no software for viewing the logs.  But if you unpack the compressed file it is just text that your can view in any text reading software like excel or word.



  • 3.  RE: Viewing SRX Policy Logs

    Posted 10-13-2014 06:22

    Thank you, spuluka.  I did a little more digging on the subject and discovered exactly what you said.  Unfortunately, a customer of mine is attempting to read and interpret the system logs and policy logs coming from his firewall.  I have explained to him that this is a colossal waste of time (not in those exact words) and that there are tools (log management systems and SIEMs) that help analyze and make sense of that information over longer periods of time.  Hopefully we will move in that direction.

     



  • 4.  RE: Viewing SRX Policy Logs

    Posted 02-14-2018 09:09

    Does this file generate automaticaly or one has to create it?



  • 5.  RE: Viewing SRX Policy Logs

     
    Posted 02-15-2018 02:54

    The local files will generate automatically once logging is added to policies for all but very high end devices.  These default to stream instead of local mode but can be shifted to local file logging by configuration if that is preferred.

     

    Reading this thread again, I probably missed the main point for the specific question.  The question was how to I read these log files outside the SRX.  But the main point seems to be wanting to centrally log and keep information long term.

     

    The SRX does support syslog as the format to ship logs directly off the device to a central repository like a log collector or SIEM.  You simply configure that target and details in syslog and the events will be directly sent there as well for long term storage and analysis.