SRX

SYSLOG Help with SRX

  • 1.  SYSLOG Help with SRX

    Posted 09-26-2017 01:51

    Hello,

     

    We have an SRX with 4 x routing instances; all interfaces are configured and are members of one of these 4 routing instances.  I need to get the SRX to send SYSLOG data to our syslog server but cannot get it working.  I believe this SYSLOG traffic will originate from the default routing instance; I have no interfaces in the default routing instance.  The SYSLOG server is accessed via the MGMT routing instance. I have added the config below but my syslog server is getting no logs.

     

    system {
        syslog {
            archive size 100k files 3;
            user * {
                any emergency;
            }
            host 192.168.1.200 {
                any any;
            }
            file messages {
                any critical;
                authorization info;
            }
            file interactive-commands {
                interactive-commands error;
            }
            file TRAFFIC-LOG {
                any any;
                match RT_FLOW_SESSION;
            }
            source-address 192.168.30.254;
        }
    }

    routing-options {
        traceoptions {
            file routing-log size 10k files 5;
            flag general;
        }
        static {
            route 192.168.1.200/32 next-table MGMT.inet.0;
        }
    }

     

    Can anyone assist please? Note 192.168.30.254 is an address assigned to an interface in the MGMT routing instance.  I can PING the SYSLOG server fine from the MGMT routing instance.

     

    Many thanks

     

    Ryan



  • 2.  RE: SYSLOG Help with SRX
    Best Answer

     
    Posted 09-26-2017 01:54
    Try configuring a loopback interface and keeping it in the inet/default routing instance. The SRX will generate syslog with the loopback IP. You can use the "source-address" option under syslog to change the address as per your requirement.
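
The approach in the answer above, written as set-style Junos configuration next to the setting from the question. This is an added example, not part of the original thread; the loopback address 10.255.255.1 is a constructed placeholder, and it assumes, as the original poster believed, that the SRX sources syslog from the default routing instance.

```junos
# Constructed example. 10.255.255.1 is a hypothetical loopback address;
# 192.168.1.200 and MGMT are the syslog server and routing instance from the thread.

# Before (from the question): the source address belongs to an interface
# inside MGMT, so the default routing instance has no such address.
#   set system syslog source-address 192.168.30.254

# After: give the default instance (inet.0) an address of its own on lo0.0 ...
set interfaces lo0 unit 0 family inet address 10.255.255.1/32

# ... source syslog from that address ...
set system syslog host 192.168.1.200 any any
set system syslog source-address 10.255.255.1

# ... and keep the static route from the question so inet.0 reaches the
# server through the MGMT routing table.
set routing-options static route 192.168.1.200/32 next-table MGMT.inet.0
```

The syslog server and anything filtering on the path will now see the loopback address as the source, so it has to be permitted there; `show route 192.168.1.200 table inet.0` confirms the route into MGMT is active.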


  • 3.  RE: SYSLOG Help with SRX

    Posted 09-26-2017 05:11

    What address range(s) are your interfaces in and is the SYSLOG server in a different range?

     

    I had a similar circumstance and while it may not be the best (???) method, I had a routing instance where the SYSLOG server lived and I used the firewall filter to get the traffic there.

     

    firewall family inet filter ALLOW_SYSLOG from source port 514
    firewall family inet filter ALLOW_SYSLOG from source address range allowed
    firewall family inet filter ALLOW_SYSLOG then routing-instance ROUTE_TO_SYSLOG_SERVER

     

    This isn't tested/checked, just typed from memory.



  • 4.  RE: SYSLOG Help with SRX

    Posted 10-06-2017 07:56

    Apologies for late reply, had a CAB process to go through to get this done.

     

    Thank you very much, this worked and I am now getting syslogs.