SRX

SRX logs to external syslog server

  • 1.  SRX logs to external syslog server

    Posted 06-02-2021 06:56
    I have a pair of SRX 5400 in cluster.

    It currently has the following syslog configuration.
    Here, 10.10.10.10 is a Junos Space system which we have never used.

    set groups node0 system syslog host 10.10.10.10 any any
    set groups node0 system syslog host 10.10.10.10 structured-data
    set groups node0 system syslog file default-log-messages any any
    set groups node0 system syslog file default-log-messages archive size 10m
    set groups node0 system syslog file default-log-messages archive files 10
    set groups node0 system syslog file default-log-messages structured-data
    set groups node0 system syslog time-format year
    set groups node0 system syslog time-format millisecond
    set groups node0 system syslog source-address 10.10.10.1

    set groups node1 system syslog host 10.10.10.10 any any
    set groups node1 system syslog host 10.10.10.10 structured-data
    set groups node1 system syslog file default-log-messages any any
    set groups node1 system syslog file default-log-messages archive size 10m
    set groups node1 system syslog file default-log-messages archive files 10
    set groups node1 system syslog file default-log-messages structured-data
    set groups node1 system syslog source-address 10.10.10.2

    As a result, the logs are saved in the "default-log-messages" file instead of the "messages" file, which is the default.
    Now, I want to send the system logs to an external syslog server.

    I have done the following configuration:

    set system syslog host 20.20.20.20 any any
    set system syslog file default-log-messages any any

    20.20.20.20 is the IP of the external syslog server and is reachable from the SRX.

    When I checked the syslog server, I found the following files sent by the SRX:

    #030#015.log
    q#015.log
    #021#015.log
    #033#015.log
    #015.log

    All of these files have similar content: date, time, SRX cluster IP, filename.

    For example:

    Jun 2  17:09:04  10.10.10.3  #030#015
    Jun 2  17:09:04  10.10.10.3  q#015
    Jun 2  17:09:04  10.10.10.3  #021#015
    Jun 2  17:09:04  10.10.10.3  #033#015
    Jun 2  17:09:04  10.10.10.3  #015

    Here, 10.10.10.3 is the cluster IP of the SRX.

    I don't see any actual logs in the syslog server.
    Can anybody help?


  • 2.  RE: SRX logs to external syslog server

    Posted 06-02-2021 08:05
    Hi,

    JUNOS doesn't send files, but UDP syslog messages according to RFC 5424: The Syslog Protocol (rfc-editor.org). Everything else is a matter of configuration on your syslog server.

    Regards

    Ulf
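
The receiver-side check the reply points to, as an added example that is not part of the original thread and not Juniper's code: it tests each UDP datagram against the RFC 5424 header, names the output file from a validated hostname, and sets aside anything that does not parse. It assumes the `#015`-style names in the question are control bytes written as `#` plus three octal digits; the sample message, the function names and `unparsed.log` are constructed for illustration.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG.
HEADER = re.compile(
    rb"<(\d{1,3})>([1-9]\d{0,2}) ([\x21-\x7e]+) ([\x21-\x7e]{1,255}) "
    rb"([\x21-\x7e]{1,48}) ([\x21-\x7e]{1,128}) ([\x21-\x7e]{1,32}) (.*)",
    re.DOTALL,
)
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def parse_rfc5424(datagram: bytes):
    """Return the header fields of an RFC 5424 datagram, or None if it is not one."""
    m = HEADER.fullmatch(datagram)
    if m is None or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 191
        return None
    pri = int(m.group(1))
    host, app = m.group(4).decode("ascii"), m.group(5).decode("ascii")
    return {"facility": pri >> 3, "severity": pri & 7, "hostname": host,
            "app_name": app, "rest": m.group(8).decode("utf-8", "replace")}


def escape_controls(raw: bytes) -> str:
    """Render non-printable bytes as '#' plus three octal digits (assumed notation)."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "#%03o" % b for b in raw)


def log_file_for(datagram: bytes) -> str:
    """Name the output file from a validated hostname; quarantine everything else."""
    fields = parse_rfc5424(datagram)
    if fields is None or not SAFE_NAME.fullmatch(fields["hostname"]):
        return "unparsed.log"
    return fields["hostname"] + ".log"


# Constructed samples: one Junos-style structured-data message and five payloads
# whose escaped form matches the names listed in the question.
GOOD = (b'<14>1 2021-06-02T17:09:04.123Z srx-node0 RT_FLOW - RT_FLOW_SESSION_CREATE '
        b'[junos@2636.1.1.1.2.26 source-address="192.0.2.10"] session created')
ODD = [b"\x18\r", b"q\r", b"\x11\r", b"\x1b\r", b"\r"]

if __name__ == "__main__":
    print(log_file_for(GOOD), parse_rfc5424(GOOD))
    for raw in ODD:
        print(escape_controls(raw), "->", log_file_for(raw))
```

Payloads that land in `unparsed.log` are worth inspecting in raw form (for example with a packet capture on the server) before changing the SRX configuration.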