Hi,
Yes it is. I have checked it with the command "show route table inet.0".
Isn't there some process to restart for traffic logging? Is it process dfwd?
Also tried to log traffic logs with syslog locally but it doesn't produce anything.
> show configuration system syslog file allowed-traffic
any any;
match RT_FLOW_SESSION_CREATE;
> show configuration system syslog file blocked-traffic
any any;
match RT_FLOW_SESSION_DENY;
Best regards
------------------------------
ADMIN ARS
------------------------------
Original Message:
Sent: 02-04-2025 19:56
From: spuluka
Subject: SRX 5400 - security log not working
The configuration then looks complete. Can you confirm the source IP address is also in the inet.0 root routing instance and not a virtual router?
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 02-04-2025 05:45
From: ADMIN ARS
Subject: SRX 5400 - security log not working
Yes logging is enabled with "then log session-init" and "then log session-close" statements.
Excerpt:
set logical-systems <logical-system-name> security policies from-zone <source-zone-name> to-zone <destination-zone-name> policy <policy-name> then log session-init
set logical-systems <logical-system-name> security policies from-zone <source-zone-name> to-zone <destination-zone-name> policy <policy-name> then log session-close
------------------------------
ADMIN ARS
Original Message:
Sent: 02-03-2025 19:25
From: spuluka
Subject: SRX 5400 - security log not working
Are the security policies also configured to log on either session init or close?
To enable logging for a security policy:
- For the default-permit security policy, specify that traffic logs are generated when a session closes.
user@host# set security policies from-zone trust to-zone untrust policy default-permit then log session-close
- (Optional) Specify that traffic logs are generated when a session starts.
user@host# set security policies from-zone trust to-zone untrust policy default-permit then log session-init
https://supportportal.juniper.net/s/article/SRX-Getting-Started-Configure-Traffic-Logs-or-Security-Policy-Logs-for-SRX-High-End-Devices?language=en_US
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 02-03-2025 03:16
From: ADMIN ARS
Subject: SRX 5400 - security log not working
Hi,
Remote logging of security logs is not working on our SRX5400 firewall. We would like to send traffic logs to a syslog server. Software version is 21.4R3-S7.9.
System logs are being sent, but not security logs. SRX5400 being SRX high end, we made sure to source the traffic log stream from a data plane interface, not RE interface.
Here is the configuration:
mode stream;
source-address <data-plane-interface-ip-address>;
stream security_logs {
    severity info;
    host {
        <syslog-server-ip-address>;
    }
}
Thanks for your help.
------------------------------
ADMIN ARS
------------------------------
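Added example, not part of the original thread and not Juniper's code: a small audit for the question asked above about whether every policy logs on session init or close. It reads "set"-format configuration lines like the ones quoted in the thread, with or without the logical-systems prefix, and reports which log option each policy lacks; the function name and all policy, zone and logical-system names in the sample are made up for illustration.

```python
import re
from collections import defaultdict

# Matches "set ... security policies ... policy <name> then <action>" lines,
# with or without a leading "logical-systems <name>" element.
POLICY_RE = re.compile(
    r"^set\s+(?:logical-systems\s+(?P<lsys>\S+)\s+)?security\s+policies\s+"
    r"from-zone\s+(?P<src>\S+)\s+to-zone\s+(?P<dst>\S+)\s+"
    r"policy\s+(?P<name>\S+)\s+then\s+(?P<action>.+?)\s*$"
)
LOG_OPTIONS = {"log session-init", "log session-close"}

def audit_policy_logging(config_text):
    """Map (lsys, from-zone, to-zone, policy) -> sorted list of missing log
    options, for every policy that has a permit/deny/reject action."""
    actions = defaultdict(set)
    for line in config_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            key = (m["lsys"] or "root", m["src"], m["dst"], m["name"])
            actions[key].add(m["action"])
    findings = {}
    for key, acts in actions.items():
        terminal = any(a.split()[0] in ("permit", "deny", "reject") for a in acts)
        missing = sorted(LOG_OPTIONS - acts)
        if terminal and missing:
            findings[key] = missing
    return findings

# Constructed sample configuration (hypothetical names, not from the thread).
SAMPLE = """\
set logical-systems LSYS1 security policies from-zone trust to-zone untrust policy allow-web match source-address any
set logical-systems LSYS1 security policies from-zone trust to-zone untrust policy allow-web then permit
set logical-systems LSYS1 security policies from-zone trust to-zone untrust policy allow-web then log session-init
set logical-systems LSYS1 security policies from-zone trust to-zone untrust policy allow-web then log session-close
set logical-systems LSYS1 security policies from-zone trust to-zone untrust policy block-telnet then deny
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit then log session-close
"""

if __name__ == "__main__":
    for key, missing in audit_policy_logging(SAMPLE).items():
        print("/".join(key), "missing:", ", ".join(missing))
```

Feed it the output of "show configuration | display set" saved to a file; a policy listed as missing only session-init matches the optional step in the quoted procedure.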