SRX




SRX send syslog to external syslog server and include FQDN of destination ip-prefix

  • 1.  SRX send syslog to external syslog server and include FQDN of destination ip-prefix

    Posted 05-12-2021 09:38
    I have a policy from trust to untrust on any application to permit, count, log start log close. 

    I'm sending this traffic to a syslog server and everything is captured and fine. 

    What I would like to do is send the logs with the destination FQDN, if that is possible?
    Sample log with just IP prefix that I'm currently capturing. 

    May 11 21:50:00 gateway RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.226.3/56948->172.217.8.100/80 junos-http 10.0.0.31/20143->172.217.8.100/80 source-nat-rule None 6 any trust untrust 7857 N/A(N/A) ge-0/0/2.0 UNKNOWN UNKNOWN UNKNOWN
    May 11 21:50:01 gateway RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.226.3/56948->172.217.8.100/80 junos-http 10.0.0.31/20143->172.217.8.100/80 source-nat-rule None 6 any trust untrust 7857 16(918) 14(15316) 2 UNKNOWN UNKNOWN N/A(N/A) ge-0/0/2.0 UNKNOWN

    Sample log with the desired FQDN that I would like to capture.

    May 11 21:50:00 gateway RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.226.3/56948->mia07s48-in-f4.1e100.net/80 junos-http 10.0.0.31/20143->mia07s48-in-f4.1e100.net/80 source-nat-rule None 6 any trust untrust 7857 N/A(N/A) ge-0/0/2.0 UNKNOWN UNKNOWN UNKNOWN
    May 11 21:50:01 gateway RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.226.3/56948->mia07s48-in-f4.1e100.net/80 junos-http 10.0.0.31/20143->mia07s48-in-f4.1e100.net/80 source-nat-rule None 6 any trust untrust 7857 16(918) 14(15316) 2 UNKNOWN UNKNOWN N/A(N/A) ge-0/0/2.0 UNKNOWN

    thanks,
    Juan

    ------------------------------
    JUAN RUIZ
    ------------------------------
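
The transformation asked for above, done on the syslog collector rather than on the SRX, as an added example that is not part of the original post and not Juniper code. It assumes the RT_FLOW line layout shown in the post's samples; the function names (`ptr_lookup`, `make_cached_resolver`, `enrich`) are hypothetical.

```python
import re
import socket

# Matches the "src/port->dst/port" flow tuples seen in the RT_FLOW samples.
FLOW_RE = re.compile(r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+)->"
                     r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+)")


def ptr_lookup(ip):
    """Reverse-resolve an IP; return None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None


def make_cached_resolver(lookup=ptr_lookup):
    """Cache answers (including misses) so each IP is queried only once."""
    cache = {}

    def resolve(ip):
        if ip not in cache:
            cache[ip] = lookup(ip)
        return cache[ip]
    return resolve


def enrich(line, resolve):
    """Replace the destination IP of every flow tuple with its PTR name."""
    if "RT_FLOW_SESSION_" not in line:
        return line  # leave non-session messages untouched

    def swap(m):
        name = resolve(m["dst"])
        # Keep the IP when resolution fails so no information is lost.
        dst = name if name else m["dst"]
        return f"{m['src']}/{m['sport']}->{dst}/{m['dport']}"
    return FLOW_RE.sub(swap, line)


if __name__ == "__main__":
    import sys
    resolver = make_cached_resolver()
    for raw in sys.stdin:
        sys.stdout.write(enrich(raw, resolver))
```

The name written into the log is whatever the PTR record returns at lookup time, which is set by the owner of the address and may differ from the hostname the client requested, so keep the original IP-based log as the record of truth.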