Hello All,
Just need your inputs here on configuring SRX 220 / 320 to send the security (traffic) & system logs to an external syslog server.
I tried a couple of ways but don't seem to be getting through; kindly help with the same.
I assume you are following an example like this one.
Can you share the config details and whether or not the logs show up in a local file configuration?
Hello Spuluka,
I don't have the configuration on the devices as of now, as it's a live/production site, so I was testing with commit confirmed to be on the safer side, as I am not sure about the size of the log file that would be created.
Just to explain the scenario:
I have a pair of SRX 320 or SRX 220 in an HA setup. In simpler terms, I have untrust & trust zones, and the trust zone is where I have the syslog server connected; both FWs are able to reach the syslog server on the trust network. I am attaching a diagram just for your reference.
Please follow the KB articles for sending the system logs and traffic logs to the external server.
SRX Getting Started - Configure Traffic Logging (Security Policy Logs) for SRX Branch Devices:
SRX Getting Started - Configure System Logging:
Let me know if you face any difficulties.
Hello Noobmaster,
I did follow this for the SRX 220, but it didn't work.
Are you facing issues for both system logs and traffic logs?
If so, please send me the configuration which you've implemented.
user@host> show configuration system syslog | display set
user@host> show configuration security log | display set
user@host> show configuration security policies | display set
user@host> show chassis routing-engine
user@host> show system storage
In your syslog configuration, you didn't specify the external server to which the logs need to be sent. Rather, you've configured it to save the syslog locally on the SRX.
You need to include the line below to send the system logs to the external server.
user@host# set system syslog host <IP address> <facility> <severity>
user@host# set system syslog host 192.168.11.1 any any
NOTE: 192.168.11.1 is the IP address of my External Syslog server where I would like to receive the logs.
Second, I reviewed your traffic logging configuration as well, and you've missed a line. Please include the following line and let me know the behavior.
user@host# set security log stream FI_Syslog category all
Please initiate traffic for the appropriate policy where session-init and session-close are configured, so that we can verify the traffic logs.
Let me know if you've any queries.
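The two gaps found above (no `system syslog host`, and a `security log stream` with no `category`) are easy to miss by eye in a long `| display set` dump. As an added example that is not part of this thread, here is a small audit script that checks a set-format SRX config for exactly those gaps; the stream name FI_Syslog and the 192.168.11.1 server are taken from the thread, the sample config lines and the 192.168.11.10 source address are constructed.

```python
import re

# Constructed sample in "| display set" form, mirroring the shape of the
# configuration discussed in the thread: syslog only to a local file, and a
# stream that has a host but no category.
BROKEN = """\
set system syslog file messages any any
set security log mode stream
set security log source-address 192.168.11.10
set security log stream FI_Syslog format syslog
set security log stream FI_Syslog host 192.168.11.1
set security policies from-zone trust to-zone untrust policy allow-out then log session-init
set security policies from-zone trust to-zone untrust policy allow-out then log session-close
"""

# Same config with the two lines the thread says were missing.
FIXED = BROKEN + """\
set system syslog host 192.168.11.1 any any
set security log stream FI_Syslog category all
"""

def audit_syslog(config):
    """Return a list of findings for a set-format SRX configuration."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # 1. System logs: at least one external syslog host must be configured.
    if not any(l.startswith("set system syslog host ") for l in lines):
        findings.append("system syslog: no external host configured (logs stay in local files)")
    # 2. Security log streams: every stream needs both a host and a category.
    streams = {}
    for l in lines:
        m = re.match(r"set security log stream (\S+) (\S+)", l)
        if m:
            streams.setdefault(m.group(1), set()).add(m.group(2))
    if not streams:
        findings.append("security log: no stream defined")
    for name, keys in streams.items():
        for needed in ("host", "category"):
            if needed not in keys:
                findings.append(f"security log stream {name}: missing '{needed}'")
    # 3. Traffic logs only exist if some policy logs session-init/session-close.
    if not any(re.search(r" then log session-(init|close)$", l) for l in lines):
        findings.append("security policies: no policy logs session-init/session-close")
    return findings
```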
Thank you Noobmaster & all of you for your valuable inputs.