SRX

Hi,

I've spent some time getting syslog working for a active/passive SRX340 cluster. I have set up:

node0 {
    system {
        host-name myhost-node0-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node0 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address m.m.m.m/24;
                }
            }
        }
    }
}
node1 {
    system {
        host-name myhost-node1-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node1 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address q.q.q.q/24;
                }
            }
        }
    }
}

Files messages-node0 and messages-node1 get data, host n.n.n.n does not.

show route n.n.n.n does show a direct route via reth3.0

monitor traffic interface reth3.0 no-resolve matching "host n.n.n.n and port 514" shows:
225 packets received by filter
0 packets dropped by kernel

but no data in CLI.

Can anyone point me in the right direction?

Thanks in advance,

Best regards,

Meindert.

Syslog Server n.n.n.n is not getting data at all, or not getting data from node1?

Keep in mind that a reth interface can only be active on one of the two nodes at a time.

Hi,

I've spent some time getting syslog working for a active/passive SRX340 cluster. I have set up:

node0 {
    system {
        host-name myhost-node0-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node0 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address m.m.m.m/24;
                }
            }
        }
    }
}
node1 {
    system {
        host-name myhost-node1-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node1 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address q.q.q.q/24;
                }
            }
        }
    }
}

Files messages-node0 and messages-node1 get data, host n.n.n.n does not.

show route n.n.n.n does show a direct route via reth3.0

monitor traffic interface reth3.0 no-resolve matching "host n.n.n.n and port 514" shows:
225 packets received by filter
0 packets dropped by kernel

but no data in CLI.

Can anyone point me in the right direction?

Thanks in advance,

Best regards,

Meindert.

Hi,

I've spent some time getting syslog working for a active/passive SRX340 cluster. I have set up:

node0 {
    system {
        host-name myhost-node0-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node0 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address m.m.m.m/24;
                }
            }
        }
    }
}
node1 {
    system {
        host-name myhost-node1-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node1 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address q.q.q.q/24;
                }
            }
        }
    }
}

Files messages-node0 and messages-node1 get data, host n.n.n.n does not.

show route n.n.n.n does show a direct route via reth3.0

monitor traffic interface reth3.0 no-resolve matching "host n.n.n.n and port 514" shows:
225 packets received by filter
0 packets dropped by kernel

but no data in CLI.

Can anyone point me in the right direction?

Thanks in advance,

Best regards,

Meindert.

Do you have the management interfaces in the mgmt-junos routing instance, or the default?  If you put them in the separate routing instance then you can send the traffic out of those ports even if the target is available in the existing routing table.

Hi,

I've spent some time getting syslog working for a active/passive SRX340 cluster. I have set up:

node0 {
    system {
        host-name myhost-node0-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node0 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address m.m.m.m/24;
                }
            }
        }
    }
}
node1 {
    system {
        host-name myhost-node1-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node1 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address q.q.q.q/24;
                }
            }
        }
    }
}

Files messages-node0 and messages-node1 get data, host n.n.n.n does not.

show route n.n.n.n does show a direct route via reth3.0

monitor traffic interface reth3.0 no-resolve matching "host n.n.n.n and port 514" shows:
225 packets received by filter
0 packets dropped by kernel

but no data in CLI.

Can anyone point me in the right direction?

Thanks in advance,

Best regards,

Meindert.

Do you have the management interfaces in the mgmt-junos routing instance, or the default?  If you put them in the separate routing instance then you can send the traffic out of those ports even if the target is available in the existing routing table.

Hi,

I've spent some time getting syslog working for a active/passive SRX340 cluster. I have set up:

node0 {
    system {
        host-name myhost-node0-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node0 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address m.m.m.m/24;
                }
            }
        }
    }
}
node1 {
    system {
        host-name myhost-node1-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node1 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address q.q.q.q/24;
                }
            }
        }
    }
}

Files messages-node0 and messages-node1 get data, host n.n.n.n does not.

show route n.n.n.n does show a direct route via reth3.0

monitor traffic interface reth3.0 no-resolve matching "host n.n.n.n and port 514" shows:
225 packets received by filter
0 packets dropped by kernel

but no data in CLI.

Can anyone point me in the right direction?

Thanks in advance,

Best regards,

Meindert.

If I understand correctly,

You mean it would be ok to put a static route on the management routing instance that points to the interface where the syslog server lives?

Sounds like that could solve my problem. These are production machines..

Do you have the management interfaces in the mgmt-junos routing instance, or the default?  If you put them in the separate routing instance then you can send the traffic out of those ports even if the target is available in the existing routing table.

Hi,

I've spent some time getting syslog working for a active/passive SRX340 cluster. I have set up:

node0 {
    system {
        host-name myhost-node0-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node0 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address m.m.m.m/24;
                }
            }
        }
    }
}
node1 {
    system {
        host-name myhost-node1-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node1 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address q.q.q.q/24;
                }
            }
        }
    }
}

Files messages-node0 and messages-node1 get data, host n.n.n.n does not.

show route n.n.n.n does show a direct route via reth3.0

monitor traffic interface reth3.0 no-resolve matching "host n.n.n.n and port 514" shows:
225 packets received by filter
0 packets dropped by kernel

but no data in CLI.

Can anyone point me in the right direction?

Thanks in advance,

Best regards,

Meindert.

Yes that's right, I use that set up at a number of sites.  Make sure that the management interfaces aren't in the same subnet as any of the data interfaces to be sure of no problems.

If I understand correctly,

You mean it would be ok to put a static route on the management routing instance that points to the interface where the syslog server lives?

Sounds like that could solve my problem. These are production machines..

Do you have the management interfaces in the mgmt-junos routing instance, or the default?  If you put them in the separate routing instance then you can send the traffic out of those ports even if the target is available in the existing routing table.

Hi,

I've spent some time getting syslog working for a active/passive SRX340 cluster. I have set up:

node0 {
    system {
        host-name myhost-node0-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node0 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address m.m.m.m/24;
                }
            }
        }
    }
}
node1 {
    system {
        host-name myhost-node1-srx;
        syslog {
            host n.n.n.n {
                any notice;
                authorization info;
            }
            file messages-node1 {
                any warning;
                authorization info;
            }
        }
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address q.q.q.q/24;
                }
            }
        }
    }
}

Files messages-node0 and messages-node1 get data, host n.n.n.n does not.

show route n.n.n.n does show a direct route via reth3.0

monitor traffic interface reth3.0 no-resolve matching "host n.n.n.n and port 514" shows:
225 packets received by filter
0 packets dropped by kernel

but no data in CLI.

Can anyone point me in the right direction?

Thanks in advance,

Best regards,

Meindert.