I have this config running on an SRX345, but the security logs are still not in the monitoring tool (Splunk). I have verified that Splunk has a listener configured on TCP 9514.
user@SRX345> show configuration security log
cache;
mode event;
report;
source-address 10.10.x.1;
transport {
    protocol tcp;
}
stream LOGS {
    host {
        10.10.x.x;
        port 9514;
    }
}
{primary:node0}
Can you please tell me if these configs are good?