vSRX

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

vSRX default security log mode - event or stream?

Jump to Best Answer
  • 1.  vSRX default security log mode - event or stream?

     
    Posted 09-01-2020 06:40

    Hi,

     

    I have found a number of places where it states that the default security log mode is "event" (local) for branch devices and "stream" (remote server) for DC devices but I do not seem to be able to find out what it is for the vSRX. Does anyone know?

     

    Thanks for looking 🙂



  • 2.  RE: vSRX default security log mode - event or stream?
    Best Answer

    Posted 09-01-2020 11:16

    vSRX has event mode as default:

    user@vsrx20.2-node0# load factory-default
    warning: activating factory configuration
    
    [edit]
    user@vsrx20.2-node0# show security log
    
    [edit]
    user@vsrx20.2-node0# run show security log detail
    Security logging is disabled
    

     

     



  • 3.  RE: vSRX default security log mode - event or stream?

    Posted 09-02-2020 03:43

    Correct - when stream logging is disabled, then logging wil be handled by the configuration defined under the "system syslog" stanza. Per default no RT_FLOW or similar events are being logged.



  • 4.  RE: vSRX default security log mode - event or stream?

     
    Posted 09-02-2020 02:16

    Hi Jonas,

     

    So I assume "security logging is disabled" means remote logging (stream) is disabled.

     

    Thanks

     

    Paul