Hi everyone.
I have some questions about SRX 650 after I read DAY ONE book on SRX ( great book by the way!!)
More specifically following excerpt from the book:
"Logging behaves differently in the branch SRX platform and the high-end data center SRX devices due to their hardware architecture. Although both device platforms have data and control planes, the highend security devices make this division in hardware: given the limited resources in the control plane and the high number of entries that these devices can potentially generate, it’s an important consideration when configuring security logging in the high-end platforms. The high-end
SRXs are capable of so much logging, that they can quickly overwhelm the routing engine if security logging is attempted via the control plane (out the fxp0 interface). To overcome this important aspect of logging security events, an administrator can dedicate a revenue port for logging tasks. Doing so will cause logging for security events to be sent out the SRX from the data plane, rather than the control plane, resembling the behavior of the branch SRX devices that don’t have a dedicated hardware control plane. "
Case 1:
SRX 650 is not congigured to send SYSLOG to syslog server, rather all logs are stored locally on the hard drive.
In above case, is generating huge syslog impact control plane? If yes, what part of Control Plane is impacted Route Engine ?
Case2:
SRX 650 is configured to send syslog to SYSLOG server 1.1.1.1 out of Fxpo.
How does it impact control plane versus if we use data port( Port used by Transit traffic) to source Syslog?
Thanks and have a nice weekend!!