On the SRX firewalls, you can copy the policy logs off of the firewall, but I think they are tar.gz files. Is there any way to view them other than through the SRX CLI, GUI, or a syslog server?
There is no software for viewing the logs. But if you unpack the compressed file, it is just text that you can view in any text reading software like Excel or Word.
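An added example, not part of the original thread or any Juniper tooling: one way to read the text inside a copied `.tar.gz` log bundle without extracting it to disk, optionally filtering lines on a substring. The member names and log lines are constructed samples, and the handling of a gzip-compressed member inside the bundle is an assumption about how rotated files may be stored.

```python
import gzip
import io
import tarfile


def iter_log_lines(archive, needle=None):
    """Yield (member_name, line) for each text line in a .tar.gz log bundle.

    Members are read in memory and never extracted, so member paths such as
    "../x" or link entries in an archive cannot write to the local disk.
    """
    with tarfile.open(fileobj=archive, mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():        # skip directories, links, devices
                continue
            data = tar.extractfile(member).read()
            if data[:2] == b"\x1f\x8b":    # assumption: member may itself be gzipped
                data = gzip.decompress(data)
            for raw in data.splitlines():
                line = raw.decode("utf-8", errors="replace")
                if needle is None or needle in line:
                    yield member.name, line


def build_sample_archive():
    """Constructed sample bundle; file names and log lines are made up."""
    current = (
        b"Jan  1 00:00:01 fw1 constructed: session permitted policy=allow-web\n"
        b"Jan  1 00:00:02 fw1 constructed: session denied policy=default-deny\n"
    )
    rotated = gzip.compress(
        b"Dec 31 23:59:59 fw1 constructed: session denied policy=default-deny\n"
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload in (("policy_log", current), ("policy_log.0.gz", rotated)):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, line in iter_log_lines(build_sample_archive(), needle="denied"):
        print(f"{name}: {line}")
```

For a real bundle, pass `open(path, "rb")` instead of the constructed sample.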
Thank you, spuluka. I did a little more digging on the subject and discovered exactly what you said. Unfortunately, a customer of mine is attempting to read and interpret the system logs and policy logs coming from his firewall. I have explained to him that this is a colossal waste of time (not in those exact words) and that there are tools (log management systems and SIEMs) that help analyze and make sense of that information over longer periods of time. Hopefully we will move in that direction.
Does this file generate automatically, or does one have to create it?
The local files will generate automatically once logging is added to policies for all but very high-end devices. These default to stream instead of local mode but can be shifted to local file logging by configuration if that is preferred.
Reading this thread again, I probably missed the main point for the specific question. The question was how do I read these log files outside the SRX. But the main point seems to be wanting to centrally log and keep information long term.
The SRX does support syslog as the format to ship logs directly off the device to a central repository like a log collector or SIEM. You simply configure that target and details in syslog and the events will be directly sent there as well for long term storage and analysis.