Routing

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  NAT event syslog message on MX960

    Posted 08-07-2012 17:41

     

    Hello,

    I put this configuration on my MX960 (Junos 10.4), sending the logs to the routing engine to capture the NAT event records from the service set.

    But when I did show log messages, I didn't see any NAT log events. Can somebody explain why, and how I can get this done without a syslog server?

    edit services service-set RR

    set syslog host local services info log-prefix NAT44

    services {
        service-set RR {
            syslog {
                host local {
                    services info;
                    log-prefix NAT44;
                }
            }
        }
    }

     

    Regards 



  • 2.  RE: NAT event syslog message on MX960

    Posted 08-08-2012 00:26

    Hello,

    JUNOS 10.4 does not support the Port Block Allocation (PBA) feature - it is available from JUNOS 11.2 onwards.

    PBA significantly reduces syslogging.

    Therefore, you are limited to "per-flow" syslogging, meaning 1 syslog message per new unique session establishment and 1 per session close.

    To get these "per-flow" syslog messages, please add the following to your config:

    set services service-set RR syslog host local class session-logs

    HTH

    Rgds

    Alex

     



  • 3.  RE: NAT event syslog message on MX960

    Posted 08-12-2012 05:39

    Hi Alex,

    Thanks, but will the class statement really work for Junos OS 10.4? The statement was introduced in Junos OS Release 11.2.


    Regards



  • 4.  RE: NAT event syslog message on MX960
    Best Answer

    Posted 08-12-2012 16:05

    Hi there,

    The "class" knob does work in 10.4 but is hidden, so you have to type it in full when entering it via the CLI.

    If you cannot afford to use hidden JUNOS knobs, then you can achieve per-flow syslogging by configuring "then syslog" under each stateful-firewall rule term.

    Also, I just noticed that you have configured syslogging of only "info" severity events from the MSDPC.

    If your "messages" file is not configured to accept "info" severity events, you can miss MSDPC syslog.

    Please check what cutoff severity is configured under [edit system syslog file messages].

    HTH

    Rgds
    Alex
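
The severity cutoff check from the last reply, as an added example that is not part of the original thread: it reads `set system syslog file messages ...` lines and reports whether an "info" event would reach the file. The sample configurations are constructed, the facility the service-set messages arrive under is an assumption (it is not stated in the thread), and treating a facility-specific selector as overriding `any` is an assumption of this model.

```python
# Added example: models the severity cutoff of a Junos syslog file.
# Severity names ordered from most to least severe.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info"]


def parse_file_selectors(config_lines, filename="messages"):
    """Collect {facility: cutoff} from 'set system syslog file <name> ...' lines."""
    selectors = {}
    for line in config_lines:
        words = line.split()
        if words[:5] != ["set", "system", "syslog", "file", filename]:
            continue
        # Expect exactly: <facility> <severity>
        if len(words) == 7 and (words[6] in SEVERITIES or words[6] in ("any", "none")):
            selectors[words[5]] = words[6]  # a later line replaces an earlier one
    return selectors


def accepts(selectors, facility, severity):
    """True if a message with this facility and severity passes the file's cutoff."""
    # Assumption of this model: a facility-specific selector overrides 'any'.
    cutoff = selectors.get(facility, selectors.get("any", "none"))
    if cutoff == "none":
        return False
    if cutoff == "any":
        return True
    # A cutoff of 'notice' admits notice and everything more severe, not info.
    return SEVERITIES.index(severity) <= SEVERITIES.index(cutoff)


# Constructed sample: a messages file that only takes notice and above.
RESTRICTIVE = [
    "set system syslog file messages any notice",
    "set system syslog file messages authorization info",
]
# Constructed sample: the same file after lowering the cutoff to info.
PERMISSIVE = RESTRICTIVE + ["set system syslog file messages any info"]

if __name__ == "__main__":
    for name, cfg in (("restrictive", RESTRICTIVE), ("permissive", PERMISSIVE)):
        sel = parse_file_selectors(cfg)
        # 'daemon' is an assumed facility for the service-set events.
        print(name, sel, "info accepted:", accepts(sel, "daemon", "info"))
```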