I have found a number of places where it states that the default security log mode is "event" (local) for branch devices and "stream" (remote server) for DC devices but I do not seem to be able to find out what it is for the vSRX. Does anyone know?
Thanks for looking 🙂
vSRX has event mode as default:
email@example.com# load factory-default
warning: activating factory configuration
firstname.lastname@example.org# show security log
email@example.com# run show security log detail
Security logging is disabled
So I assume "security logging is disabled" means remote logging (stream) is disabled.
Correct - when stream logging is disabled, then logging wil be handled by the configuration defined under the "system syslog" stanza. Per default no RT_FLOW or similar events are being logged.