I know that using stream mode means that dataplane (security) logs are sent to the syslog servers instead of logging locally. However, I noticed a steram mode "cache" setting (security/log section) that seems to be associated with writing log entries to the "audit log buffer". I'm guessing this is just a memory buffer that is overwritten as needed, but I'm not sure. Additionally, I'm wondering if there is a way to view the contents of this buffer? Ultimately, I was looking for a way to look at the security (traffic ) logs on the local firewall, even if it is only a few recent minutes worth.
Thanks in advance!
From Tech Library:
Description
Cache security log events in the audit log buffer
#streamsecurityloggingcache#SRX