Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  SRX 5400 - security log not working

    Posted 4 days ago

    Hi, 

    Remote logging of security logs is not working on our SRX5400 firewall. We would like to send traffic logs to a syslog server. The software version is 21.4R3-S7.9.

    System logs are being sent, but not security logs. Since the SRX5400 is a high-end SRX, we made sure to source the traffic-log stream from a data-plane interface, not the RE interface.

    Here is the configuration:

    mode stream;
    source-address <data-plane-interface-ip-address>;
    stream security_logs {
        severity info;
        host {
            <syslog-server-ip-address>;
        }
    }

    Thanks for your help.



    ------------------------------
    ADMIN ARS
    ------------------------------


  • 2.  RE: SRX 5400 - security log not working

    Posted 3 days ago

    Are the security policies also configured to log on either session init or close?  

    To enable logging for a security policy:

    1. For the default-permit security policy, specify that traffic logs are generated when a session closes.
      user@host# set security policies from-zone trust to-zone untrust policy default-permit then log session-close
       
    2. (Optional) Specify that traffic logs are generated when a session starts.
      user@host# set security policies from-zone trust to-zone untrust policy default-permit then log session-init

    https://supportportal.juniper.net/s/article/SRX-Getting-Started-Configure-Traffic-Logs-or-Security-Policy-Logs-for-SRX-High-End-Devices?language=en_US



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: SRX 5400 - security log not working

    Posted 3 days ago

    Yes, logging is enabled with the "then log session-init" and "then log session-close" statements.

    Excerpt:

    set logical-systems <logical-system-name> security policies from-zone <source-zone-name> to-zone <destination-zone-name> policy <policy-name> then log session-init
    set logical-systems <logical-system-name> security policies from-zone <source-zone-name> to-zone <destination-zone-name> policy <policy-name> then log session-close



    ------------------------------
    ADMIN ARS
    ------------------------------



  • 4.  RE: SRX 5400 - security log not working

    Posted 2 days ago

    The configuration then looks complete. Can you confirm the source IP address is also in the inet.0 root routing instance and not a virtual router?



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: SRX 5400 - security log not working

    Posted 7 hours ago

    Hi,

    Yes, it is. I have checked it with the command "show route table inet.0".

    Isn't there some process to restart for traffic logging? Is it the process dfwd?

    Also tried to log traffic logs with syslog locally, but it doesn't produce anything.

    > show configuration system syslog file allowed-traffic
    any any;
    match RT_FLOW_SESSION_CREATE;

    > show configuration system syslog file blocked-traffic
    any any;
    match RT_FLOW_SESSION_DENY;

    Best regards



    ------------------------------
    ADMIN ARS
    ------------------------------



  • 6.  RE: SRX 5400 - security log not working

    Posted 7 hours ago

    System logs are being sent from the same source interface configured for security logs.



    ------------------------------
    ADMIN ARS
    ------------------------------



  • 7.  RE: SRX 5400 - security log not working

    Posted 2 days ago

    set security log stream security_logs category flow



    ------------------------------
    ANDREY LEO
    ------------------------------
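    As an added reference, not configuration posted by anyone in this thread, the following set commands combine the two halves that replies 2 and 7 each address: the policy log actions that make the SRX generate RT_FLOW_SESSION_* messages, and the stream definition (including the category statement) that delivers them. The addresses 192.0.2.10 (data-plane interface) and 198.51.100.20 (syslog server), the zone names and the policy name are placeholders.

```junos
## Added example, not from this thread. Placeholders: 192.0.2.10 is the
## data-plane interface address, 198.51.100.20 is the syslog collector;
## zone and policy names are assumed.

## Log delivery. In stream mode the SPU sends the log packets directly, so the
## source-address must belong to a data-plane interface that is in inet.0.
set security log mode stream
set security log source-address 192.0.2.10
set security log stream security_logs format sd-syslog
set security log stream security_logs category all
set security log stream security_logs severity info
set security log stream security_logs host 198.51.100.20
set security log stream security_logs host port 514
set security log stream security_logs transport protocol udp

## Log generation. A policy emits no RT_FLOW_SESSION_CREATE / RT_FLOW_SESSION_CLOSE
## message unless it carries a log action; both are enabled here.
set security policies from-zone trust to-zone untrust policy default-permit then log session-init
set security policies from-zone trust to-zone untrust policy default-permit then log session-close
```

    After committing, confirm generation before chasing delivery: `show security policies policy-name default-permit detail` reports whether session logging is set at create and at close, and `show security flow session` shows whether traffic is actually matching that policy. Only once the policy side is confirmed does it make sense to capture on the collector for UDP/514 from 192.0.2.10. When logical systems are in use, the policy statements sit under `logical-systems <name>` exactly as in reply 3.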



  • 8.  RE: SRX 5400 - security log not working

    Posted 7 hours ago

    Hi, 

    Tried it but still not working. Even tried "category all".



    ------------------------------
    ADMIN ARS
    ------------------------------



  • 9.  RE: SRX 5400 - security log not working

    Posted 7 hours ago

    Hi,

    If you use logical-system, as I remember you need to use vpls switch config to send traffic-log from logical-system.

    Thanks