SRX


Syslog format

  • 1.  Syslog format

    Posted 05-18-2017 14:26

    I've configured syslog for configuration changes to be logged on a remote server. Below is my config:

     

    set system syslog host 10.10.10.10 any critical
    set system syslog host 10.10.10.10 authorization any
    set system syslog host 10.10.10.10 user critical
    set system syslog host 10.10.10.10 change-log any
    set system syslog host 10.10.10.10 source-address 10.20.20.20
    set system syslog host 10.10.10.10 structured-data

     

    I changed the config on the SRX and received the following messages on the syslog server:

    2017-05-18 15:03:59 Local6.Info 10.202.30.40 1 2017-05-18T15:03:59.506-06:00 SRXVPN01 mgd 93743 UI_CFG_AUDIT_OTHER [junos@2636.1.1.1.2.39 username="admin_xxxxxxxx" action="set" pathname="[system services telnet\]" delimiter="" value=""] User 'admin_xxxxxxxx' set: [system services telnet]
    2017-05-18 15:04:51 Local6.Info 10.202.30.40 1 2017-05-18T15:04:51.648-06:00 SRXVPN01 mgd 93743 UI_CFG_AUDIT_OTHER [junos@2636.1.1.1.2.39 username="admin_xxxxxxxx" action="delete" pathname="[system services telnet\]" delimiter="" value=""] User 'admin_xxxxxxxx' delete: [system services telnet] 

     

    The syslog messages don't have the source address of the machine that changes the config. The 10.202.30.40 address is the management address of the SRX.

    Am I missing something in the config?

     


    #SRX
    #syslog


  • 2.  RE: Syslog format

    Posted 05-18-2017 22:11

    Is the configured syslog source address defined on the SRX?

     

    If not, I assume that this is the reason for the SRX to change to the loopback address.

     

    regards

     

    alexander



  • 3.  RE: Syslog format

    Posted 05-19-2017 13:37

    Yes, the source address is defined in the SRX. They are all in the same VR.



  • 4.  RE: Syslog format
    Best Answer

    Posted 05-19-2017 12:34

    Hi,

     

    The details of the syslog message are mentioned in the following link:

    https://apps.juniper.net/syslog-explorer/#message=UI_CFG_AUDIT_OTHER&product=Junos%20OS&release=17.1

     

    This does not contain the IP address of the machine from where the changes are being made. It notes the username.

     

    HTH!

     

    Regards,

    Sahil Sharma

    Please mark my response as Solution if it Helps, Kudos are Appreciated as well.
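
As an added example (not code from the thread or from Juniper), the following Python parses the structured-data element of the two messages quoted in the first post and checks whether any field carries an IP address. The function names are hypothetical, and it assumes the leading date, facility and address on each line were prepended by the receiving syslog server.

```python
import ipaddress
import re

# The two messages from the first post, as received (username redacted there).
SAMPLES = [
    r'2017-05-18 15:03:59 Local6.Info 10.202.30.40 1 2017-05-18T15:03:59.506-06:00 '
    r'SRXVPN01 mgd 93743 UI_CFG_AUDIT_OTHER [junos@2636.1.1.1.2.39 '
    r'username="admin_xxxxxxxx" action="set" pathname="[system services telnet\]" '
    r'delimiter="" value=""] ' "User 'admin_xxxxxxxx' set: [system services telnet]",
    r'2017-05-18 15:04:51 Local6.Info 10.202.30.40 1 2017-05-18T15:04:51.648-06:00 '
    r'SRXVPN01 mgd 93743 UI_CFG_AUDIT_OTHER [junos@2636.1.1.1.2.39 '
    r'username="admin_xxxxxxxx" action="delete" pathname="[system services telnet\]" '
    r'delimiter="" value=""] ' "User 'admin_xxxxxxxx' delete: [system services telnet]",
]

FIELDS = ("timestamp", "host", "app", "procid", "msgid")
# Assumption: anything before "1 <ISO timestamp>" was prepended by the receiver.
HEADER = re.compile(r'(?:^|\s)(?:<\d+>)?1 (\d{4}-\d\d-\d\dT\S+) (\S+) (\S+) (\S+) (\S+) ')
SD_ID = re.compile(r'\[([^\s="\]]+)')
# RFC 5424 escapes '"', '\' and ']' inside a value, so "\]" must not end the element.
PARAM = re.compile(r' ([^\s="\]]+)="((?:[^"\\]|\\.)*)"')
UNESCAPE = re.compile(r'\\(["\\\]])')

def parse_audit(line):
    """Parse header and first structured-data element; None if malformed."""
    head = HEADER.search(line)
    if not head:
        return None
    rec = dict(zip(FIELDS, head.groups()), sd_id=None, params={}, msg="")
    sd = SD_ID.match(line, head.end())
    if not sd:                       # "-" in the SD position: no structured data
        return rec
    rec["sd_id"], pos = sd.group(1), sd.end()
    while (p := PARAM.match(line, pos)):
        rec["params"][p.group(1)] = UNESCAPE.sub(r"\1", p.group(2))
        pos = p.end()
    if line[pos:pos + 1] != "]":     # element never closed
        return None
    rec["msg"] = line[pos + 1:].strip()
    return rec

def ip_params(rec):
    """Return the structured-data fields whose value is an IP address."""
    found = {}
    for name, value in rec["params"].items():
        try:
            found[name] = str(ipaddress.ip_address(value))
        except ValueError:
            pass
    return found
```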