I think you should read these. You may say that using a Windows DC to do this is out of scope here. Keep in mind that a regular Windows PC might work, and perhaps even better or worse.
https://learn.microsoft.com/en-us/defender-for-identity/deploy/configure-event-forwarding
https://community.juniper.net/discussion/event-options-not-working-as-desired-on-srx340
------------------------------
Adrian Aguinaga
B.S.C.M. I.T.T. Tech
(Construction Management)
A.A.S. I.T.T. Tech
(Drafting & Design)
------------------------------
Original Message:
Sent: 03-28-2025 12:33
From: ZAKRIS SHMAGRANOFF
Subject: SRX 300 Remote Syslog Issues
Hello!
I am trying to get remote syslog working on my Juniper SRX300s. I have both the "system -> syslog" and "security -> log" hierarchies configured, but I only get security logs and not regular device syslogs. Not sure if I am missing something, but I read the KB and docs on setting it up and nothing there seems to work. The connection between my Junipers and syslog works because I do get the security logs on the same port and protocol. Below are my configs for each section. Any help would be appreciated! Thanks!
System Syslog:
syslog {
    host 192.168.3.93 {
        any any;
        port 514;
        source-address 192.168.2.1;
        structured-data {
            brief;
        }
    }
    file messages {
        any any;
        authorization info;
        archive size 1000k files 3 world-readable;
    }
    file policy_session {
        match RT_FLOW;
        archive size 1000k files 3 world-readable;
        structured-data;
    }
    source-address 192.168.2.1;
}
Security Syslog:
log {
    mode stream;
    format sd-syslog;
    source-address 192.168.2.1;
    stream GRAYLOG {
        category screen;
        host {
            192.168.3.93;
            port 514;
        }
    }
}
------------------------------
ZAKRIS SHMAGRANOFF
------------------------------
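
Added example, not part of either post and not Juniper or Graylog code: a collector-side check that sorts raw datagrams received on 192.168.3.93:514 by whether they look like output of the "security -> log" stream or of "system -> syslog", so you can tell whether the system messages never arrive or arrive and are dropped later. The `classify` and `summarize` names, the rule that an app-name starting with `RT_` marks the security stream, and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID rest
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)
# RFC 3164 (BSD) header: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: rest
RFC3164 = re.compile(
    r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ([^\s:\[]+)(?:\[\d+\])?: ?(.*)$",
    re.S,
)

def classify(line):
    """Parse one syslog datagram and guess which Junos hierarchy sent it."""
    m = RFC5424.match(line)
    if m:
        pri, host, app = int(m.group(1)), m.group(3), m.group(4)
    else:
        m = RFC3164.match(line)
        if not m:
            return {"origin": "unparsed"}
        pri, host, app = int(m.group(1)), m.group(2), m.group(3)
    # Assumption: data-plane (security log) messages carry an RT_* app-name,
    # e.g. RT_FLOW or RT_IDS; everything else is treated as system syslog.
    origin = "security-log" if app.startswith("RT_") else "system-syslog"
    return {"facility": pri >> 3, "severity": pri & 7,
            "host": host, "app": app, "origin": origin}

def summarize(lines):
    """Count datagrams per guessed origin."""
    return Counter(classify(l)["origin"] for l in lines)

# Constructed sample datagrams (not captured from a real device).
SAMPLE = [
    '<14>1 2025-03-28T12:33:01.000Z srx300 RT_IDS - RT_SCREEN_TCP '
    '[junos@2636 attack-name="SYN flood!" source-address="198.51.100.7"]',
    '<14>1 2025-03-28T12:33:02.000Z srx300 RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636 source-address="192.168.2.50"]',
    '<38>1 2025-03-28T12:33:05.000Z srx300 sshd 4321 - - Accepted publickey for admin',
    "<29>Mar 28 12:33:09 srx300 mgd[5120]: UI_COMMIT: commit requested",
]

if __name__ == "__main__":
    for origin, count in summarize(SAMPLE).items():
        print(f"{origin}: {count}")
```

Feed it the payloads from a packet capture taken on the collector, filtered to source 192.168.2.1: a count of zero for system-syslog means those messages are not reaching the host at all.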