SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Is it possible to send syslog files content to some server/pc?

    Posted 10-19-2016 10:57

    I want to send the content from some syslog files that I have already created to my PC for example. The logs I want to send are 2 only, one of them shows all network traffic, and the other one shows web filter logs:

     

    file Policy_Session {
    user info;
    match RT_FLOW;
    archive size 5m world-readable;
    structured-data;
    }
    file web-filtering {
    user warning;
    match WEBFILTER_URL_BLOCKED;
    archive size 2m world-readable;
    structured-data;
    }

     

     

    At the beginning, I saw that there is a way using "set system syslog host..." commands, but when I use this way I can only use one "match" per host. For example if I want to send network traffic logs to my PC 192.168.0.100, configuration would be like this:

     

    host 192.168.0.100 {
    any any;

    match RT_FLOW;
    }

     

    But if I want to send both kinds of logs (web filtering and network traffic) I can only specify one match; the SRX doesn't allow the configuration I want:

     

    host 192.168.0.100 {
    any any;

    match RT_FLOW

    match WEBFILTER_URL_BLOCKED
    }

     

     

    So, I thought that maybe there is a way to send the files I already have created, but I haven't found the way to do it...



  • 2.  RE: Is it possible to send syslog files content to some server/pc?
    Best Answer

    Posted 10-19-2016 11:22

    You should be able to do an OR statement

     

    match (RT_FLOW|WEBFILTER_URL_BLOCKED)



  • 3.  RE: Is it possible to send syslog files content to some server/pc?

    Posted 10-19-2016 16:18

    @rseibert wrote:

    You should be able to do an OR statement

     

    match (RT_FLOW|WEBFILTER_URL_BLOCKED)


    Thank you! It already works, but with quotes instead of parentheses:

     

    match "RT_FLOW|WEBFILTER_URL_BLOCKED";
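
With a single host stanza forwarding both message types, the receiving PC gets them mixed in one stream. The sketch below is an added example, not part of the thread: it splits that stream back into the two files named in the question. The sample lines are constructed, and it assumes Python's `re` treats this simple alternation the same way the Junos match statement does.

```python
import re
import socketserver

# Same alternation as the working statement: match "RT_FLOW|WEBFILTER_URL_BLOCKED";
FORWARD_MATCH = re.compile(r"RT_FLOW|WEBFILTER_URL_BLOCKED")

# Destination names mirror the two "file" statements in the question.
ROUTES = [
    (re.compile(r"WEBFILTER_URL_BLOCKED"), "web-filtering"),
    (re.compile(r"RT_FLOW"), "Policy_Session"),
]

def route(line):
    """Return the destination file name for a syslog line, or None to drop it."""
    if not FORWARD_MATCH.search(line):
        return None  # the SRX would not have forwarded this; ignore strays
    for pattern, name in ROUTES:
        if pattern.search(line):
            return name
    return None

def demux(lines):
    """Group lines by destination, discarding anything matching neither tag."""
    out = {name: [] for _, name in ROUTES}
    for line in lines:
        dest = route(line)
        if dest:
            out[dest].append(line)
    return out

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        # For UDP servers, self.request is a (data, socket) pair.
        line = self.request[0].decode("utf-8", "replace").strip()
        dest = route(line)
        if dest:
            with open(dest + ".log", "a", encoding="utf-8") as fh:
                fh.write(line + "\n")

# Constructed sample messages, not captured from a real device.
SAMPLE = [
    '<14>1 2016-10-19T16:18:01Z srx RT_FLOW - RT_FLOW_SESSION_CREATE [src="192.168.0.10"]',
    '<14>1 2016-10-19T16:18:05Z srx RT_FLOW - RT_FLOW_SESSION_CLOSE [src="192.168.0.10"]',
    '<12>1 2016-10-19T16:18:09Z srx RT_UTM - WEBFILTER_URL_BLOCKED [src="192.168.0.10"]',
    '<14>1 2016-10-19T16:18:12Z srx mgd - UI_COMMIT [username="admin"]',
]

if __name__ == "__main__":
    print({name: len(lines) for name, lines in demux(SAMPLE).items()})
    # To receive from the SRX instead (binding port 514 usually needs admin rights):
    # socketserver.UDPServer(("0.0.0.0", 514), Handler).serve_forever()
```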