Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  No syslog messages after upgrade to JunOS 19

    Posted 01-10-2021 18:17

    Hi,

    I've upgraded from JunOS 15 to JunOS 19 and one of the side effects appears to be that there are no longer any syslog messages being written for SRX security events.

    In fact the only log files that are now being written to are "debug_wmid.2", "messages", and "interactive-commands".

    The screen, ipfd, jsrpd, etc, log files are now all quiet.

    Most of the security rules are working but some are not.

    Is there a list of incompatible changes that present and need to be dealt with when moving from 15 -> 19?
    Or I suppose 15 -> 16 -> 17 -> 18 -> 19?

    I had:
    set security log format syslog
    set system syslog file deny any any
    set system syslog archive size 1m
    set system syslog archive files 10
    set system syslog file deny match RT_FLOW_SESSION_DENY

    ... and now, nothing.



  • 2.  RE: No syslog messages after upgrade to JunOS 19
    Best Answer

    Posted 01-17-2021 08:36
    The problem was that somewhere along the upgrade path I needed to add "set security log mode event". I'm not sure which release introduced the requirement for that, but that was the fix.
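
A pre/post-upgrade check for the condition described in this answer, as an added example that is not part of the original post or any Juniper tooling: it scans `set`-format configuration for local syslog files that match on security events and reports the ones left without `set security log mode event`. The `audit` function, the sample text, and the `RT_` prefix heuristic are assumptions made for this example.

```python
import re

# Constructed sample: the set commands quoted in the question (state before the fix).
SAMPLE_BEFORE = """\
set security log format syslog
set system syslog file deny any any
set system syslog archive size 1m
set system syslog archive files 10
set system syslog file deny match RT_FLOW_SESSION_DENY
"""

FILE_MATCH = re.compile(r'^set system syslog file (\S+) match "?([^"]+)"?$')
LOG_MODE = re.compile(r'^set security log mode (\S+)$')


def audit(config_text):
    """Return (mode, starved): the configured security log mode (None if the
    statement is absent) and a dict of local syslog files -> match pattern that
    expect security events but will stay empty without event mode."""
    mode = None
    rt_files = {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise spacing and indentation
        m = LOG_MODE.match(line)
        if m:
            mode = m.group(1)
            continue
        m = FILE_MATCH.match(line)
        # Assumption: security event tags start with RT_, as the
        # RT_FLOW_SESSION_DENY tag in the question does.
        if m and "RT_" in m.group(2):
            rt_files[m.group(1)] = m.group(2)
    # Per the answer above, these files only fill when the mode is "event".
    starved = {} if mode == "event" else rt_files
    return mode, starved


if __name__ == "__main__":
    mode, starved = audit(SAMPLE_BEFORE)
    for name, pattern in starved.items():
        print(f"file '{name}' matches {pattern} but security log mode is "
              f"{mode or 'not set'}: add 'set security log mode event'")
```

Feed it the output of `show configuration | display set` saved from each device before and after the upgrade.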


  • 3.  RE: No syslog messages after upgrade to JunOS 19

    Posted 03-01-2021 10:19
    Edited by Craig Dods 03-01-2021 10:19
    Morning,

    This was caused by the new on-box logging feature in 17.4R1. I'd probably recommend using that feature (SQL-based) instead of plaintext storage, but that's of course up to you.

    Hope that helps,