SRX

last person joined: 5 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Default Loggin mode in SRX?

    Posted 08-03-2011 13:07

    Hi

     

    1- By defaul the loggin mode in SRX is event or stream?

    2- What is the difference in terms of type of logs in event and stream? I mean does event logging supports all types of logs like UTM/IDP/Security policy logs and similarly stream mode supports which logs?

     

    Thanks



  • 2.  RE: Default Loggin mode in SRX?
    Best Answer

    Posted 08-03-2011 17:01

    The default is event on SRX100, SRX210, SRX240, SRX650
    The default is stream on SRX1400, SRX3000 and SRX5000

     

    thanks,

    Raheel



  • 3.  RE: Default Loggin mode in SRX?

    Posted 08-04-2011 13:28

    Thanks. Can you reply to my second question as well.

     

    Thanks



  • 4.  RE: Default Loggin mode in SRX?

    Posted 08-04-2011 13:30

    But in SRX240, I made one file under [system syslog] and capturing the RT_FLOW_SESSION this file shows log only if I make the mode event. If I remove the command "set security log mode event" the file does not show any logs. it means the default mode is stream?

     

     



  • 5.  RE: Default Loggin mode in SRX?

    Posted 08-06-2011 02:31
    @aeroplane wrote:

    But in SRX240, I made one file under [system syslog] and capturing the RT_FLOW_SESSION this file shows log only if I make the mode event. If I remove the command "set security log mode event" the file does not show any logs. it means the default mode is stream?

     

     

    Yes, that's right aeroplane. In order to have the syslog file receive actual traffic logs from the dataplane, you need to enable event mode logging (this will cause the dataplance traffic logs to be pushed to the control plane, where they will be picked up by syslog). 

     

    Hope this helps.



  • 6.  RE: Default Loggin mode in SRX?

    Posted 08-08-2011 11:54

    Thank Dear. But could you please confirm that what is the default logging mode in SRX? Also Security Policies LOG/IDP LOG/UTM LOG, all supported in event and stream mode?

     

    Thanks



  • 7.  RE: Default Loggin mode in SRX?

    Posted 08-10-2011 08:55
    @aeroplane wrote:

    Thank Dear. But could you please confirm that what is the default logging mode in SRX? Also Security Policies LOG/IDP LOG/UTM LOG, all supported in event and stream mode?

     

    Thanks

    There is no such thing as a "default logging mode". You can use either one, whichever makes more sense in your environment.

     

    Stream mode logging can only be used for security/traffic logs. Everything else will be logged directly on the control plane (into files or to another syslog host).

     

    No defaults there.



  • 8.  RE: Default Loggin mode in SRX?

    Posted 08-04-2011 21:06

    We support all security logs in both stream mode and event mode.

     

    thanks,

    raheel