vSRX

  • 1.  vSRX default security log mode - event or stream?

     
    Posted 09-01-2020 06:40

    Hi,

     

    I have found a number of places where it states that the default security log mode is "event" (local) for branch devices and "stream" (remote server) for DC devices but I do not seem to be able to find out what it is for the vSRX. Does anyone know?

     

    Thanks for looking 🙂



  • 2.  RE: vSRX default security log mode - event or stream?
    Best Answer

    Posted 09-01-2020 11:16

    vSRX has event mode as default:

    user@vsrx20.2-node0# load factory-default
    warning: activating factory configuration
    
    [edit]
    user@vsrx20.2-node0# show security log
    
    [edit]
    user@vsrx20.2-node0# run show security log detail
    Security logging is disabled
    

     

     



  • 3.  RE: vSRX default security log mode - event or stream?

     
    Posted 09-02-2020 02:16

    Hi Jonas,

     

    So I assume "security logging is disabled" means remote logging (stream) is disabled.

     

    Thanks

     

    Paul



  • 4.  RE: vSRX default security log mode - event or stream?

    Posted 09-02-2020 03:43

    Correct - when stream logging is disabled, then logging wil be handled by the configuration defined under the "system syslog" stanza. Per default no RT_FLOW or similar events are being logged.