Junos OS

Expand all | Collapse all

Juniper SRX syslog stream mode problem

Jump to Best Answer
  • 1.  Juniper SRX syslog stream mode problem

    Posted 12-10-2017 06:27

    hi  guys

    My Juniper SRX 550 (A/S HA mode) send syslog to Centos rsyslog in stream mode .

    When i view the real log in Centos display below(just dispaly title)

    Dec 10 22:24:24 YZ-FW-A RT_FLOW
    Dec 10 22:24:24 YZ-FW-A RT_FLOW
    Dec 10 22:24:24 YZ-FW-A RT_FLOW
    Dec 10 22:24:24 YZ-FW-A RT_FLOW
    Dec 10 22:24:24 YZ-FW-A RT_FLOW
    Dec 10 22:24:24 YZ-FW-A RT_FLOW
    Dec 10 22:24:24 YZ-FW-A RT_FLOW
    Dec 10 22:24:24 YZ-FW-A RT_FLOW
    Dec 10 22:24:24 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:27 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW
    Dec 10 22:24:28 YZ-FW-A RT_FLOW

     

    My Filewall syslog config

     

    {primary:node0}[edit security log]
    public@YZ-FW-A# show
    mode stream;
    format sd-syslog;
    source-address 172.19.1.129;
    stream sec {
    severity debug;
    format sd-syslog;
    category all;
    host {
    192.168.66.115;
    }
    }

    Firewall Routing-table

    public@YZ-FW-A# run show route 192.168.66.115

    inet.0: 79 destinations, 121 routes (79 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.66.0/24 *[Static/5] 2d 03:32:20
    > via st0.0
    [Static/100] 6d 02:10:09
    > via st0.1

     

    Please help

     



  • 2.  RE: Juniper SRX syslog stream mode problem
    Best Answer

     
    Posted 12-10-2017 06:55
    Can you use any other syslog server to verify if this is server issue or not. It looks like some diplay filter issue on server.


  • 3.  RE: Juniper SRX syslog stream mode problem

    Posted 12-10-2017 07:12

    The Centos iptables filter INPUT and OUTPUT is ACCEPT.

     

    when i change then format "syslog" on the SRX,that normal.

     

    why format "sd-syslog" not display on Cenots rsyslog.. 



  • 4.  RE: Juniper SRX syslog stream mode problem

    Posted 12-10-2017 23:52