Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
  • 1.  "View Logs" Not Working In GUI on SRX 300

    Posted 05-23-2019 09:57

    I have an SRX 300 and in the Monitor section under Security > Policy > Activities, I can search through the policies and under the "View Logs" column there is a button to click but it doesn't show any logs for any of the policies even though I have logging set for session-init and session-close. From what I've read I need to have logging type set to "Event Mode" for this to work but I need to have a copy of the logs continuously sent to a syslog server so it is currently set to "Stream Mode". I can see the logs through a realtime event viewer on the syslog server but previously on ScreenOS, I could have the traffic logs stream to a syslog server and also view them through the unit's web interface via the same button icon in the policies section. Is there any way to make this work in Junos so logs can be sent to a syslog server and still be available on the local SRX device or is there no option to save the logs to a local file for searching when in "Stream Mode"? Thank you in advance for your time!


    #SRX
    #SearchLogs
    #logging


  • 2.  RE: "View Logs" Not Working In GUI on SRX 300
    Best Answer

    Posted 05-24-2019 00:27

    Hi ,

     

    On this Page,
    Monitor  /  Security  /  Policy  /  Activities 
    Security Policies Monitoring

    There is a link on the top right hand side which says To enable logs : Goto


    When you click on this , it says
    To enable logs goto: Monitor > Alarms > Policy Log. Create log to enable the log.

     

    When we go to this page,
    Monitor  /  Alarms  /  Policy Log 
    View Policy Log

    It says :

    Policy Log Not Available
    The security log is configured in stream mode
    The session logs are sent directly to the log collector and cannot be locally stored.
    Please set the log mode to 'Event' to use the page.


    When you click on Create Logs ,

     

    show system syslog
    file policy_session {
    user info;
    match RT_FLOW;
    archive size 1000k world-readable;
    structured-data;
    }

     

    Configure  /  Device Setup  /  Basic Settings  /  Logging 
    Security Logging
    It changes the Logging type to Event Mode

     

    The following KB article explains the difference/trade-off between Event and Stream mode.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB16509&actp=METADATA

     

    With event mode, we could send policy logs to a local file as well as remote syslog server but recommended for environments with low amount of traffic only.

     



  • 3.  RE: "View Logs" Not Working In GUI on SRX 300

    Posted 06-07-2019 07:07
    So sorry for the delayed response. Thank you so much for the information. This is what I needed!