I didn't found the right solution/answer for my problem regarding LSYS logging with Juniper SRX 1k/3k/5k in release 11.4 R9.4.
The goal from my side is to implement for every LSYS-Customer their own STRM/Syslog Server. If the customer already have a syslog solution in place, they should be able to use their syslog servers. This Syslogserver should receive all Logs relevant to the desired LSYS like traffic logs and other logs. To send logs out of the data plane i must configure logging in stream mode instead of event mode. The picture attached should indicate what i would like to do:
- Traffic-Logging per LSYS ?
- Logging in Stream Mode per LSYS ?
- Is this supported through juniper or any restrications ?
Thanks for your feedback
Yes, syslog is supported for LSYS.
Stream-mode is supported and there are no restrictions, it should work just work like root LYSYS.
Please follow below KB for your reeference:
Thanks for your fast answer. When I have a look at the KB28775 i see that i have to create an lt between root and LSYS. Is it really requiered to setup an lt-tunnel (interconnection) between root and LSYS to support stream logging ?
Yes, that is correct, you need an lt-0/0 interface to communicate between different LSYS, and syslog server must be reachable via root LSYS.