What is the difference between these two logging configurations, without considering the source IP?
set system syslog source-address 195.233.32.193
set system syslog host 1.1.1.1 user info
set system syslog host 195.233.32.195 match-strings RT_FLOW

set security log source-address 172.16.0.6
set security log mode stream
set security log stream 01 category flow
set security log stream 01 severity info
set security log stream syslog-server host 1.1.1.1
I configured both of them in my vSRX, and I saw three differences:
1. In the second one I can't use the "match" option.
2. In the first one I could choose the facility that I wanted (user), but in the second one I could not do the same, because I can only choose between different kinds of categories (they are not the facilities that I saw in the Juniper documentation).
3. I tried to trigger the syslog system through a flow, and in my syslog server I saw an RT_FLOW log from 172.16.0.6, but if I try again without the second configuration, the server receives the same log from 195.233.32.193.
So, in the end, I can reach the same result with both configurations, but which is the best one? What are the differences? From my side, if I can't use the "match" option in the "set security log .." configuration (thinking about a big amount of useless logs), the best choice is using the "set system syslog .." configuration.
What do you think?