Hi,
I have an SRX300, configured the same way as older SRX 2XX devices. The major difference is that this one is running the newer JunOS version.
The syslog server is hosted remotely. The controller logs from the platform are showing up, but nothing related to the traffic.
I have a custom routing-instance that has the knowledge of the network.
There is forwarding (next-table) between the default instance and the custom vr. So the routing between them looks fine, both ways.
show configuration security log | display set
set security log mode stream
set security log format sd-syslog
set security log source-address 172.22.1.7
set security log stream JSA format sd-syslog
set security log stream JSA category all
set security log stream JSA host 172.25.2.1
set security log stream JSA host port 514
set security log stream JSA host routing-instance client_VR
Any good ideas if there is any basic stuff I missed? Or any ideas for troubleshooting?
I can see these logs at the JSA (checking via tcpdump):
set system syslog user * any emergency
set system syslog host 172.25.2.1 any any
set system syslog host 172.25.2.1 match "!.(Failed to connect to the server after 0 retries)|(!.*Time since last watchdog strob.*)"
set system syslog host 172.25.2.1 structured-data
Thanks in advance!
//Rob