06-17-2009 06:27 PM
Just set up a 210 box in a lab environment to play with. After looking everywhere on the Juniper web for some guidelines on how to set up logging to NSM, I'm wondering if it is supported or not. Any ideas about this, anyone?
06-17-2009 10:54 PM
You might find this Knowledgebase article useful.
Basically, NSM looks for a log file called default-log-messages, so that would need to be configured on the SRX. Note that if you used the device reachable workflow to add the device to NSM, then this log file would automatically be added to the configuration during the initial config push.
06-18-2009 04:43 AM
That did fix some stuff, I can now see stuff like this in NSM:
Log ID Time Received Alert User Flag Src Addr Dst Addr Action Protocol Dst Port Rule # Nat Src Addr Nat Dst Addr Details Category Subcategory Severity Device Comment
20090618/68 18.06.09 13:35:44 No Alert Unflagged 0.0.0.0 0.0.0.0 Accepted HOPOPT 0 0.0.0.0 0.0.0.0 firstname.lastname@example.org command=request-web-management-update session-id=090bceb14667b0e07bb6457e7ec8e251649d9699 User 'root' used JUNOScript client to run command 'request-web-management-update session-id=090bceb14667b0e07bb6457e7ec8e251649d9699'
Info UI_JUNOSCRIPT_CMD Informational
But still no traffic logs...
07-08-2009 12:57 PM - edited 07-08-2009 01:02 PM
Can you show one of the policy configurations for which you are expecting to see traffic logs? It may be that you left out enabling log on the policy, by any chance?
Also check out this earlier post; I think the links to the KBs should help you:
07-08-2009 02:21 PM
Been speaking to Juniper TAC about this; they confirmed that NSM and JunOS 95 do not support traffic logging into NSM yet... but it will come in NSM 2009.something...
So I guess we have to stick to good old syslog in the meantime... such as Splunk...
If only there could be some finished plugins for Splunk for JunOS...