I have an SRX300, configured the same way as older SRX 2XX-devices. The major difference is that this one is running the newer JunOS version.
The syslog-server is hosted remotely. The controller logs from the platform are showing up, but nothing related to the traffic.
I have a custom routing-instance that has the knowledge of the network.
There is forwarding (next-table) between the default instance and the custom vr. So the routing between them looks fine, both ways.
show configuration security log | display set
set security log mode stream
set security log format sd-syslog
set security log source-address 172.22.1.7
set security log stream JSA format sd-syslog
set security log stream JSA category all
set security log stream JSA host 172.25.2.1
set security log stream JSA host port 514
set security log stream JSA host routing-instance client_VR
Any good ideas if there is any basic stuff I missed? Or any ideas for troubleshooting?
I can see these logs at the JSA (checking via tcpdump):
set system syslog user * any emergency
set system syslog host 172.25.2.1 any any
set system syslog host 172.25.2.1 match "!.(Failed to connect to the server after 0 retries)|(!.*Time since last watchdog strob.*)"
set system syslog host 172.25.2.1 structured-data
Thanks in advance!
I would suggest you follow the checks below to resolve this issue.
user@host# deactivate security log
user@host# activate security log
Thanks for the troubleshooting lineup.
The last step solved it (!!!!!), so I did a deactivate security log, then commit confirmed 1.
The logs started to flow from the box as expected.
...so much time spent on solving this, and it came down to that!