Hi, I've been trying to redirect security log to my log server, as follows
xxxx@j2350> show configuration security log
mode stream;
format sd-syslog;
source-address 10.0.0.1;
stream mon {
severity warning;
category all;
host {
10.0.0.4;
port 514;
}
}
however, I can't seem to receive it at all, tcpdump on the receiving side shows nothing, in the documentation, it says the log will be send in data plane through "revenue port", what is that? my screen policy are applied to DMZ zone which is sepreate interface than the 10.0.0.4 interface.
nonetheless, I did a tcpdump on both interface and there's no traffic showing up at all, please help!