I have a pair of SRX 5400 in a cluster.
It currently has the following syslog configuration.
Here, 10.10.10.10 is a Junos Space system which we have never used.
set groups node0 system syslog host 10.10.10.10 any any
set groups node0 system syslog host 10.10.10.10 structured-data
set groups node0 system syslog file default-log-messages any any
set groups node0 system syslog file default-log-messages archive size 10m
set groups node0 system syslog file default-log-messages archive files 10
set groups node0 system syslog file default-log-messages structured-data
set groups node0 system syslog time-format year
set groups node0 system syslog time-format millisecond
set groups node0 system syslog source-address 10.10.10.1
set groups node1 system syslog host 10.10.10.10 any any
set groups node1 system syslog host 10.10.10.10 structured-data
set groups node1 system syslog file default-log-messages any any
set groups node1 system syslog file default-log-messages archive size 10m
set groups node1 system syslog file default-log-messages archive files 10
set groups node1 system syslog file default-log-messages structured-data
set groups node1 system syslog source-address 10.10.10.2
As a result, the logs are saved in the "default-log-messages" file instead of the "messages" file, which is the default.
Now, I want to send the system logs to an external syslog server.
I have done the following configuration:
set system syslog host 20.20.20.20 any any
set system syslog file default-log-messages any any
20.20.20.20 is the IP of the external syslog server and is reachable from the SRX.
When I checked the syslog server, I found the following files sent by the SRX:
#030#015.log
q#015.log
#021#015.log
#033#015.log
#015.log
All of these files have similar content: date, time, SRX cluster IP, filename.
For example:
Jun 2 17:09:04 10.10.10.3 #030#015
Jun 2 17:09:04 10.10.10.3 q#015
Jun 2 17:09:04 10.10.10.3 #021#015
Jun 2 17:09:04 10.10.10.3 #033#015
Jun 2 17:09:04 10.10.10.3 #015
Here, 10.10.10.3 is the cluster IP of the SRX.
I don't see any actual logs in the syslog server.
Can anybody help?