You can do TLS syslog if you change the SRX logging mode to stream logging instead of event mode. That way the syslog updates are sent directly from the flowd/PFE and do not pass through the routing engine. This will not cover syslog from the RE itself (link up/down and similar).
Example configuration. Change options as needed.
Note: When you change to stream logging this will block you from saving syslog locally on the SRX300 series - on larger boxes or vSRX you can still define a file destination instead of an external host.
user@srx> show configuration services ssl initiation profile tls-syslog
protocol-version tls12;
actions {
    ignore-server-auth-failure;
    crl {
        disable;
    }
}
user@srx> show configuration security log
mode stream;
source-interface ge-0/0/0.0;
transport {
    tcp-connections 1;
    protocol tls;
    tls-profile tls-syslog;
}
stream tls-syslog-stream {
    severity debug;
    format sd-syslog;
    category all;
    host {
        X.X.X.X;
        port 514;
    }
    rate-limit {
        300;
    }
}
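To check what the collector actually receives once the stream is up, here is an added parser for the RFC 5424 lines that `format sd-syslog` produces (example code, not from the post above or from Juniper). The sample RT_FLOW line, its addresses and the SD-ID suffix after `junos@2636` are constructed for the example.

```python
import re
from typing import Any, Dict

# Constructed sample: one RT_FLOW session-create event in sd-syslog (RFC 5424) layout.
# PRI 14 = facility 1 (user) * 8 + severity 6 (info).
SAMPLE_LINE = (
    '<14>1 2024-05-01T12:00:00.123Z srx RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.5" source-port="51514" '
    'destination-address="192.0.2.10" destination-port="443" protocol-id="6" '
    'policy-name="allow-web"] session created 10.0.0.5/51514->192.0.2.10/443'
)

# HEADER: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD + MSG.
HEADER_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) '
    r'(?P<msgid>\S+) (?P<rest>.*)$'
)
# One SD-ELEMENT: [SD-ID PARAM="value" ...]; values may escape ", \ and ] with a backslash.
SD_ELEMENT_RE = re.compile(r'\[(?P<id>[^\s\]]+)(?P<params>(?:[^\]\\]|\\.)*)\]')
SD_PARAM_RE = re.compile(r'(\S+?)="((?:[^"\\]|\\.)*)"')


def _unescape(value: str) -> str:
    return re.sub(r'\\([\\"\]])', r'\1', value)


def parse_sd_syslog(line: str) -> Dict[str, Any]:
    """Parse an RFC 5424 line into header fields, structured data and free text."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError('not an RFC 5424 syslog line')
    pri = int(m.group('pri'))
    rest = m.group('rest')
    sd: Dict[str, Dict[str, str]] = {}
    pos = 0
    if rest.startswith('-'):          # NILVALUE: no structured data at all
        pos = 1
    else:
        for el in SD_ELEMENT_RE.finditer(rest):
            if el.start() != pos:     # elements must be back to back; the MSG follows
                break
            params = SD_PARAM_RE.findall(el.group('params'))
            sd[el.group('id')] = {k: _unescape(v) for k, v in params}
            pos = el.end()
    return {
        'facility': pri >> 3, 'severity': pri & 7,
        'timestamp': m.group('ts'), 'host': m.group('host'), 'app': m.group('app'),
        'procid': m.group('pid'), 'msgid': m.group('msgid'),
        'sd': sd, 'msg': rest[pos:].lstrip(' '),
    }
```

Severity is numeric as in RFC 5424 (0 = emergency, 7 = debug), so the `severity debug` setting above means everything down to 7 arrives at the collector.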