SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Nothing shows up when logging policy on SRX3600

    Posted 09-29-2010 00:28

    Hi. I am trying to configure policy logging on an SRX3600, but nothing shows up in my log file. Here is the policy I'm trying to log:

     

     

    policy default-permit {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit;
        log {
            session-init;
            session-close;
        }
        count;
    }
}

     

    Here is the log file config (under system syslog):

     

     

    file sessions {
    any any;
    match RT_FLOW_SESSION;
}

     

     

    I know there is traffic that matches this policy, and the statistics confirm this:

     

     

      Policy statistics:
    Input  bytes     :             51664504               122690 bps
    Output bytes     :             51664504               122690 bps
    Input  packets   :               106065                  232 pps
    Output packets   :               106065                  232 pps
    Session rate     :                  719                    1 sps
    Active sessions  :                   68
    Session deletions:                  651
    Policy lookups   :                  642

     

    Yet nothing at all is written to the log file. Every resource I can get my hands on tells me to configure policy logging exactly this way, so I'm stumped. Thanks in advance for your insights!

     

    Edit: forgot to mention my JUNOS version, I'm using JUNOS Software Release [10.1R1.8]



  • 2.  RE: Nothing shows up when logging policy on SRX3600
    Best Answer

    Posted 09-29-2010 11:41

    The SRX3000 doesn't send its traffic logs to the routing engine by default, so you won't see any traffic logs in the syslog.

     

    If you want to log traffic, you have two options:

    - stream the the logs directly to an external syslog server

    - send the logs to the routing engine and rate-limit them

     

    see http://kb.juniper.net/KB16506 for details on how to configure this.

     



  • 3.  RE: Nothing shows up when logging policy on SRX3600

    Posted 09-29-2010 21:34

    Given the crazy data rates that an SRX chassis-based system is capable of processing, I think that sending the logs to the routing engine is a bad idea.  I would definitely recommend using an external syslog server that is capable of high data rates.

     

    Ron



  • 4.  RE: Nothing shows up when logging policy on SRX3600

    Posted 10-19-2010 03:50

    Thanks for your replies! Weird that O'Reilly's book makes no mention of that in the policy logging section even though their example prompt reads "SRX5600"!



  • 5.  RE: Nothing shows up when logging policy on SRX3600

    Posted 09-26-2014 09:31

    So there is no way to see the logs on the device itself or in the GUI?

     

    I do have a remote syslog server but sometimes I just want to look ont the device itself.