SRX send syslog to external syslog server and include FQDN of destination ip-prefix

  • 1.  SRX send syslog to external syslog server and include FQDN of destination ip-prefix

    Posted 05-12-2021 09:38
    I have a policy from trust to untrust on any application to permit, count, log start log close. 

    I'm sending this traffic to a syslog server and everything is captured and fine. 

    What I would like to do is send the logs with the destination FQDN, if that is possible?
    Sample log with just the IP prefix that I'm currently capturing:

    May 11 21:50:00 gateway RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.226.3/56948->172.217.8.100/80 junos-http 10.0.0.31/20143->172.217.8.100/80 source-nat-rule None 6 any trust untrust 7857 N/A(N/A) ge-0/0/2.0 UNKNOWN UNKNOWN UNKNOWN
    May 11 21:50:01 gateway RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.226.3/56948->172.217.8.100/80 junos-http 10.0.0.31/20143->172.217.8.100/80 source-nat-rule None 6 any trust untrust 7857 16(918) 14(15316) 2 UNKNOWN UNKNOWN N/A(N/A) ge-0/0/2.0 UNKNOWN

    Sample log with the desired FQDN that I would like to capture:

    May 11 21:50:00 gateway RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.226.3/56948->mia07s48-in-f4.1e100.net/80 junos-http 10.0.0.31/20143->mia07s48-in-f4.1e100.net/80 source-nat-rule None 6 any trust untrust 7857 N/A(N/A) ge-0/0/2.0 UNKNOWN UNKNOWN UNKNOWN
    May 11 21:50:01 gateway RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.226.3/56948->mia07s48-in-f4.1e100.net/80 junos-http 10.0.0.31/20143->mia07s48-in-f4.1e100.net/80 source-nat-rule None 6 any trust untrust 7857 16(918) 14(15316) 2 UNKNOWN UNKNOWN N/A(N/A) ge-0/0/2.0 UNKNOWN

    thanks,
    Juan

    ------------------------------
    JUAN RUIZ
    ------------------------------
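
One way to produce the desired line format on the syslog collector rather than on the SRX, as an added example that is not part of the original post. The names `enrich`, `ptr_lookup` and `offline_resolve` are hypothetical, and the lookup table reuses the IP and hostname pair from the sample logs above so the example runs without DNS.

```python
import re
import socket
from functools import lru_cache

# One "src-ip/port->dst-ip/port" tuple as it appears in RT_FLOW session logs.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FLOW = re.compile(rf"(?P<src>{IPV4})/(?P<sport>\d+)->(?P<dst>{IPV4})/(?P<dport>\d+)")

@lru_cache(maxsize=4096)
def ptr_lookup(ip):
    """Reverse-resolve ip, falling back to the IP when no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return ip

def enrich(line, resolve=ptr_lookup):
    """Replace the destination IP of every flow tuple in an RT_FLOW line."""
    if "RT_FLOW_SESSION_" not in line:
        return line  # leave unrelated syslog messages untouched
    def swap(m):
        return f"{m['src']}/{m['sport']}->{resolve(m['dst'])}/{m['dport']}"
    return FLOW.sub(swap, line)

# Sample line from the post; the lookup table stands in for DNS so this runs offline.
SAMPLE = ("May 11 21:50:00 gateway RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
          "192.168.226.3/56948->172.217.8.100/80 junos-http "
          "10.0.0.31/20143->172.217.8.100/80 source-nat-rule None 6 any trust untrust "
          "7857 N/A(N/A) ge-0/0/2.0 UNKNOWN UNKNOWN UNKNOWN")
OFFLINE_PTR = {"172.217.8.100": "mia07s48-in-f4.1e100.net"}

def offline_resolve(ip):
    """Constructed stand-in for DNS: returns the mapped name or the IP itself."""
    return OFFLINE_PTR.get(ip, ip)

if __name__ == "__main__":
    print(enrich(SAMPLE, resolve=offline_resolve))
```

A PTR name is set by whoever controls the reverse zone for that address and can differ from the hostname the client actually requested, so store the original IP-only line alongside the enriched one.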