Security




  • 1.  No syslog messages after upgrade to JunOS 19

    Posted 01-10-2021 18:17

    Hi,

    I've upgraded from JunOS 15 to JunOS 19 and one of the side effects appears to be that there are no longer any syslog messages being written for SRX security events.

    In fact the only log files that are now being written to are "debug_wmid.2", "messages", and "interactive-commands".

    The screen, ipfd, jsrpd, etc, log files are now all quiet.

    Most of the security rules are working but some are not.

    Is there a list of incompatible changes that are present and need to be dealt with when moving from 15 -> 19?
    Or I suppose 15 -> 16 -> 17 -> 18 -> 19?

    I had:
    set security log format syslog
    set system syslog file deny any any
    set system syslog archive size 1m
    set system syslog archive files 10
    set system syslog file deny match RT_FLOW_SESSION_DENY

    ... and now, nothing.



  • 2.  RE: No syslog messages after upgrade to JunOS 19
    Best Answer

    Posted 01-17-2021 08:36
    The problem was that somewhere along the upgrade path I needed to add "set security log mode event". I'm not sure which release introduced the requirement for that, but that was the fix.


  • 3.  RE: No syslog messages after upgrade to JunOS 19

    Posted 03-01-2021 10:19
    Morning,

    This was caused by the new on-box logging feature in 17.4R1. I'd probably recommend using that feature (SQL-based) instead of plaintext storage, but that's of course up to you.

    Hope that helps,
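
A pre/post-upgrade check for the gap described in this thread, added here as an example and not code from any of the posters or from Juniper: it scans a set-format configuration for local syslog files that filter on security event tags while "security log mode event" is missing. The function names and the rule that security event tags contain "RT_" are assumptions based on the RT_FLOW_SESSION_DENY match in the original post.

```python
import shlex

def parse_set_lines(config_text):
    """Yield each 'set ...' line as a token list, skipping blanks and comments."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # handles quoted match patterns
        if tokens and tokens[0] == "set":
            yield tokens[1:]

def audit_security_logging(config_text):
    """Return one finding per local syslog file that filters on security
    events while 'security log mode event' is not configured."""
    log_mode = None
    security_files = {}  # syslog file name -> match pattern
    for t in parse_set_lines(config_text):
        if t[:3] == ["security", "log", "mode"] and len(t) == 4:
            log_mode = t[3]
        elif (t[:3] == ["system", "syslog", "file"]
              and len(t) >= 6 and t[4] == "match"):
            # Assumption: security event tags contain "RT_", as in the
            # thread's RT_FLOW_SESSION_DENY.
            if "RT_" in t[5]:
                security_files[t[3]] = t[5]
    if log_mode == "event":
        return []
    state = "not set" if log_mode is None else f"'{log_mode}'"
    return [
        f"syslog file '{name}' matches {pattern} but security log mode is "
        f"{state}; add 'set security log mode event'"
        for name, pattern in sorted(security_files.items())
    ]

# Constructed sample: the configuration quoted in the first post.
BEFORE = """\
set security log format syslog
set system syslog file deny any any
set system syslog archive size 1m
set system syslog archive files 10
set system syslog file deny match RT_FLOW_SESSION_DENY
"""
# Constructed sample: the same configuration with the fix from the best answer.
AFTER = BEFORE + "set security log mode event\n"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_security_logging(cfg) or "ok")
```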