Expand all | Collapse all

SYSLOG Help with SRX

Jump to Best Answer
  • 1.  SYSLOG Help with SRX

    Posted 09-26-2017 01:51



    we have an SRX with 4 x Routing instances, all interafces are configured and members of one of these 4 routing instances.  I need to get the SRX to send SYSLOG data to our syslog server but cannot get it working.  I believe this SYSLOG traffic will originate from the default routing instance; i have no interfaces in the default routing instance.  The SYSLOG server is accessed the MGMT routing instance, i have added the config below but my syslog server is getting no logs.



       syslog {

            archive size 100k files 3;

            user * {

                any emergency;


            host {

                any any;


            file messages {

                any critical;

                authorization info;


            file interactive-commands {

                interactive-commands error;


            file TRAFFIC-LOG {

                any any;

                match RT_FLOW_SESSION;




    routing-options {

        traceoptions {

            file routing-log size 10k files 5;

            flag general;


        static {

            route next-table MGMT.inet.0;


    can anyone assist please? note is an address assigned to an internface in MGMT routing instance.  i can PING the SYSLOG server fine from the MGMT routing instance.


    Many thanks



  • 2.  RE: SYSLOG Help with SRX
    Best Answer

    Posted 09-26-2017 01:54
    Try configure a loopback interface and keep it in inet/default routing instance. SRX will generate Syslog with loopback IP. You can use "source-address" option under syslog to change the address as per your requirement.

  • 3.  RE: SYSLOG Help with SRX

    Posted 09-26-2017 05:11

    What address range(s) are your interfaces in and is the SYSLOG server in a different range?


    I had a similar circumstance and while it may not be the best (???) method, I had a routing instance where the SYSLOG server lived and I used the firewall filter to get the traffic there.


    firewall family inet filter ALLOW_SYSLOG from source port 514

    firewall family inet filter ALLOW_SYSLOG from source address range allowed

    firewall family inet filter ALLOW_SYSLOG then routing-instance ROUTE_TO_SYSLOG_SERVER


    This isn't tested/checked, just typed from memory.

  • 4.  RE: SYSLOG Help with SRX

    Posted 10-06-2017 07:56

    Apologies for late reply, had a CAB process to go through to get this done.


    Thank you very much, this worked and i am now getting syslogs