SRX logs to external syslog server

  • 1.  SRX logs to external syslog server

    Posted 22 days ago
    I have a pair of SRX 5400 in cluster.

    It currently has the following syslog configuration.
    Here, 10.10.10.10 is a Junos Space system which we have never used.

    set groups node0 system syslog host 10.10.10.10 any any
    set groups node0 system syslog host 10.10.10.10 structured-data
    set groups node0 system syslog file default-log-messages any any
    set groups node0 system syslog file default-log-messages archive size 10m
    set groups node0 system syslog file default-log-messages archive files 10
    set groups node0 system syslog file default-log-messages structured-data
    set groups node0 system syslog time-format year
    set groups node0 system syslog time-format millisecond
    set groups node0 system syslog source-address 10.10.10.1

    set groups node1 system syslog host 10.10.10.10 any any
    set groups node1 system syslog host 10.10.10.10 structured-data
    set groups node1 system syslog file default-log-messages any any
    set groups node1 system syslog file default-log-messages archive size 10m
    set groups node1 system syslog file default-log-messages archive files 10
    set groups node1 system syslog file default-log-messages structured-data
    set groups node1 system syslog source-address 10.10.10.2

    As a result, the logs are saved in the "default-log-messages" file instead of the "messages" file, which is the default.
    Now, I want to send the system logs to an external syslog server.

    I have done the following configuration:

    set system syslog host 20.20.20.20 any any
    set system syslog file default-log-messages any any

    20.20.20.20 is the IP of the external syslog server and is reachable from the SRX.

    When I checked the syslog server, I found the following files sent by the SRX

    #030#015.log
    q#015.log
    #021#015.log
    #033#015.log
    #015.log

    All of these files have similar content: date, time, SRX cluster IP, filename

    For example:

    Jun 2  17:09:04  10.10.10.3  #030#015
    Jun 2  17:09:04  10.10.10.3  q#015
    Jun 2  17:09:04  10.10.10.3  #021#015
    Jun 2  17:09:04  10.10.10.3  #033#015
    Jun 2  17:09:04  10.10.10.3  #015

    Here, 10.10.10.3 is the cluster IP of the SRX

    I don't see any actual logs in the syslog server.
    Can anybody help?


  • 2.  RE: SRX logs to external syslog server

    Posted 22 days ago
    Hi,

    JUNOS doesn't send files, but UDP syslog messages according to RFC 5424: The Syslog Protocol (rfc-editor.org). Everything else is a matter of configuration on your syslog server.

    Regards

    Ulf
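
A way to check on the receiving side what the reply describes, as an added example (not code from either poster): classify a received UDP payload as RFC 5424, legacy BSD syslog (RFC 3164), or neither, and render control bytes as `#ooo` octal like the names seen in the first post. The `#ooo` rendering assumes an rsyslog-style receiver, which the thread does not state; all sample payloads and the function names are constructed for illustration.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    rb"^<(\d{1,3})>([1-9]\d?) (\S+) (\S+) (\S+) (\S+) (\S+) (-|\[.*?\])(?: (.*))?$", re.S)
# Legacy BSD syslog (RFC 3164): <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(
    rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def escape_ctrl(data: bytes) -> str:
    """Render control bytes as '#' plus three octal digits (assumed rsyslog-style)."""
    return "".join(f"#{b:03o}" if b < 0x20 or b == 0x7F else chr(b) for b in data)

def _pri(match):
    """Return (facility, severity) for a valid PRI (0..191), else None."""
    pri = int(match.group(1))
    return (pri >> 3, pri & 7) if pri <= 191 else None

def classify(datagram: bytes) -> dict:
    """Identify the syslog framing of one UDP payload without trusting its content."""
    m = RFC5424.match(datagram)
    if m and _pri(m):
        fac, sev = _pri(m)
        return {"format": "rfc5424", "facility": fac, "severity": sev,
                "hostname": m.group(4).decode("ascii", "replace"),
                "app": m.group(5).decode("ascii", "replace"),
                "structured_data": m.group(8).decode("ascii", "replace")}
    m = RFC3164.match(datagram)
    if m and _pri(m):
        fac, sev = _pri(m)
        return {"format": "rfc3164", "facility": fac, "severity": sev,
                "hostname": m.group(3).decode("ascii", "replace")}
    # Not syslog text: show the raw bytes safely instead of using them as a file name.
    return {"format": "not-syslog", "escaped": escape_ctrl(datagram)}

# Constructed sample payloads (not captured from a real device).
GOOD = (b'<14>1 2024-06-02T17:09:04.123+00:00 srx-node0 app 1234 EVT1 '
        b'[example@32473 user="admin"] commit complete')
LEGACY = b"<14>Jun  2 17:09:04 srx-node0 app[1234]: commit complete"
BAD = b"\x18\r"   # two control bytes, rendered as #030#015

if __name__ == "__main__":
    for sample in (GOOD, LEGACY, BAD):
        print(classify(sample))
```

Feeding it payloads captured on the collector's UDP port shows whether the sender or the server's parsing and file-naming rules are responsible for the odd entries.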