Hi ,
On this Page,
Monitor / Security / Policy / Activities
Security Policies Monitoring
There is a link on the top right hand side which says To enable logs : Goto
When you click on this , it says
To enable logs goto: Monitor > Alarms > Policy Log. Create log to enable the log.
When we go to this page,
Monitor / Alarms / Policy Log
View Policy Log
It says :
Policy Log Not Available
The security log is configured in stream mode
The session logs are sent directly to the log collector and cannot be locally stored.
Please set the log mode to 'Event' to use the page.
When you click on Create Logs ,
show system syslog
file policy_session {
user info;
match RT_FLOW;
archive size 1000k world-readable;
structured-data;
}
Configure / Device Setup / Basic Settings / Logging
Security Logging
It changes the Logging type to Event Mode
The following KB article explains the difference/trade-off between Event and Stream mode.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB16509&actp=METADATA
With event mode, we could send policy logs to a local file as well as remote syslog server but recommended for environments with low amount of traffic only.