SRX


LSYS Logging possible in event or stream mode (High-End Firewalls SRX 1k/3k/5k)

  • 1.  LSYS Logging possible in event or stream mode (High-End Firewalls SRX 1k/3k/5k)

    Posted 04-09-2014 23:19

    Hi All

     

    I didn't find the right solution/answer for my problem regarding LSYS logging with Juniper SRX 1k/3k/5k in release 11.4 R9.4.

    The goal from my side is to implement for every LSYS customer their own STRM/syslog server. If the customer already has a syslog solution in place, they should be able to use their syslog servers. This syslog server should receive all logs relevant to the desired LSYS, like traffic logs and other logs. To send logs out of the data plane I must configure logging in stream mode instead of event mode. The picture attached should indicate what I would like to do:

    - Traffic logging per LSYS?

    - Logging in stream mode per LSYS?

    - Is this supported through Juniper or any restrictions?

    Thanks for your feedback

    11.4 R9.4

    #SRX
    #LSYS
    #logging


  • 2.  RE: LSYS Logging possible in event or stream mode (High-End Firewalls SRX 1k/3k/5k)

     
    Posted 04-09-2014 23:37

    Hi Claudio

     

    Yes, syslog is supported for LSYS.

    Stream-mode is supported and there are no restrictions, it should work just like root LSYS.

    Please follow the below KB for your reference:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB28775

     

    Regards,

    Raveen



  • 3.  RE: LSYS Logging possible in event or stream mode (High-End Firewalls SRX 1k/3k/5k)

    Posted 04-10-2014 00:59

    Thanks for your fast answer. When I have a look at the KB28775 I see that I have to create an lt between root and LSYS. Is it really required to set up an lt-tunnel (interconnection) between root and LSYS to support stream logging?



  • 4.  RE: LSYS Logging possible in event or stream mode (High-End Firewalls SRX 1k/3k/5k)
    Best Answer

     
    Posted 04-10-2014 02:19

    Yes, that is correct, you need an lt-0/0 interface to communicate between different LSYS, and syslog server must be reachable via root LSYS.