SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Local logging to file not working. syslog server does work

    Posted 03-14-2013 14:15

    Hi people, I have an issue where the firewall / router is not logging to the local files. They sit there at 0 KB.

    I have SRX 550 Junos 12.1 devices in an active/standby configuration.

    I can log fine to a syslog server.

    However, the local files are 0 KB:


    root@LME150FW001> show configuration system syslog
    archive size 100k files 3;
    user * {
        any emergency;
    }
    host 10.1.9.7 {
        any any;
        port 514;
        source-address 10.1.9.254;
        structured-data;
    }
    file messages {
        any error;
        authorization info;
    }
    file interactive-commands {
        interactive-commands error;
    }
    file policy_session {
        user info;
        match RT_FLOW;
        archive size 1000k world-readable;
        structured-data;
    }
    file traffic-denied {
        any any;
        user info;
        match RT_FLOW_SESSION_DENY;
    }
    file traffic-permitted {
        any any;
        user info;
        match RT_FLOW_SESSION_CREATE;
        archive size 1000k files 3 world-readable;
        structured-data;
    }


    root@LME150FW001> show log ?
    ......
    traffic-denied       Size: 0, Last changed: Mar 14 14:31:15
    traffic-permitted    Size: 0, Last changed: Mar 14 14:31:15

    Any ideas?



  • 2.  RE: Local logging to file not working. syslog server does work

    Posted 03-17-2013 06:39

    Anyone?

    How do you guys examine the traffic in your firewall being accepted/denied in real time? Really regretting getting these over other firewalls; I can't see what is going on in real time.



  • 3.  RE: Local logging to file not working. syslog server does work

    Posted 03-18-2013 04:38

    "show log messages" should give you the results.

    HOWEVER

    If you want to check the traffic logs, you need to apply log as an action in the security policy:

    set security policies from-zone A to-zone B policy POLICY-NAME then log session-close

     

    Regards,

    Sachin



  • 4.  RE: Local logging to file not working. syslog server does work

    Posted 03-18-2013 05:52

    Yes, all that log config is on my policies; I followed the Juniper guides and numerous posts.

    e.g.

    from-zone trust to-zone wan {
        policy OfficeNets_to_DC_MemberNets {
            match {
                source-address any;
                destination-address DCMemberNets;
                application any;
            }
            then {
                permit;
                log {
                    session-init;
                    session-close;
                }
            }
        }
    }

    I cannot seem to find anyone with the same issue. If I log an any/any to a file with no match filter, I just get log messages of CLI commands.
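    Once the policy above is logging and the RT_FLOW events land in the local file, the next question in this thread is how to actually read them. The following is an added example (not from this thread or from Juniper): a small parser for the structured-data form of RT_FLOW_SESSION_CREATE / CLOSE / DENY lines that counts events per policy, so permits and denies can be reviewed from the file. The sample lines and their field names are constructed to follow the RT_FLOW structured-data layout as I know it; check them against your own file.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from the thread), in the RFC 5424
# structured-data shape the SRX writes when "structured-data" is set on the file.
SAMPLE_LOG = """\
<14>1 2013-03-19T03:24:01.123Z LME150FW001 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.35 source-address="10.1.1.5" source-port="51234" destination-address="10.1.9.7" destination-port="443" service-name="junos-https" policy-name="OfficeNets_to_DC_MemberNets" source-zone-name="trust" destination-zone-name="wan" protocol-id="6"]
<14>1 2013-03-19T03:24:02.456Z LME150FW001 RT_FLOW - RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.36 source-address="10.1.1.9" source-port="40000" destination-address="10.1.9.7" destination-port="23" service-name="junos-telnet" policy-name="default-deny" source-zone-name="trust" destination-zone-name="wan" protocol-id="6"]
<14>1 2013-03-19T03:24:02.500Z LME150FW001 mgd[1234]: UI_CMDLINE_READ_LINE: User 'root', command 'show log messages '
<14>1 2013-03-19T03:24:03.789Z LME150FW001 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.37 reason="TCP FIN" source-address="10.1.1.5" source-port="51234" destination-address="10.1.9.7" destination-port="443" policy-name="OfficeNets_to_DC_MemberNets" source-zone-name="trust" destination-zone-name="wan"]
"""

# Event name, then the bracketed structured-data element that carries the fields.
EVENT_RE = re.compile(
    r"\b(RT_FLOW_SESSION_(?:CREATE|CLOSE|DENY)) \[junos@[\d.]+ (?P<sd>[^\]]*)\]"
)
# key="value" pairs inside the element.
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_rt_flow(text):
    """Return one dict per session event: the RT_FLOW event name plus its fields.

    Lines that are not session events (e.g. CLI command audit lines, which is all
    the original poster saw in an unfiltered file) are skipped.
    """
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        fields = dict(KV_RE.findall(m.group("sd")))
        fields["event"] = m.group(1)
        events.append(fields)
    return events


def summarize(events):
    """Count events per (policy-name, event type): a quick permit/deny view per policy."""
    return Counter((e.get("policy-name", "?"), e["event"]) for e in events)


if __name__ == "__main__":
    for (policy, event), n in sorted(summarize(parse_rt_flow(SAMPLE_LOG)).items()):
        print(f"{policy:35} {event:24} {n}")
```

    Point `parse_rt_flow` at the contents of the traffic-permitted or traffic-denied file (or at a live tail of it) instead of `SAMPLE_LOG` to get the same per-policy view on a real device.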



  • 5.  RE: Local logging to file not working. syslog server does work
    Best Answer

    Posted 03-19-2013 03:24

    It seems that no one can explain it better than this guy!

    http://jncie-sec.exactnetworks.net/2012/11/security-policies-logging-srx-traffic.html#comment-form

    Once event mode was reinstated and I added user info, it's cool.