SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX - IDP Logging

    Posted 07-12-2011 12:46

    Hello,

     

    Are there any plans to address IDP logging for the SRX?  I have a customer who doesn't have an NSM or syslog server.  He's insisting that we figure out a way to log and analyze the data locally on the SRX.  What I plan to test is to soft link a file to a USB stick and tweak the IDP rules to log to that file.  I then may try and offload the logs to our STRM.  He's not a managed services customer, so I'm unable to leverage our NSM or STRM.  Is there anything else I could try?  Anything else on the roadmap?  Thank you.

     

    John



  • 2.  RE: SRX - IDP Logging

    Posted 07-12-2011 13:47

    John,

     

    It sounds like you already have the short-term solution in hand, with local file logging, which I'll admit is suboptimal.  From your description, it sounds like you already know the CLI commands to make that happen. 

     

    Another idea is to set up a syslog server.  I understand from your post that the customer "doesn't have a syslog server", but frankly, they're quite easy to set up, and there are many free syslog solutions to be found.  The commands to do local file logging and remote syslog logging are very similar.  Once you have the logs on the syslog server, local analysis is fairly straightforward.

     

    What it really seems you're asking, however, is if/when you will be able to view IDP event logs (such as signature matches) directly from the J-Web.  I've checked in with our Product Line Manager for a response to that, and will post an updated message when I get the answer to your Road Map question.

     

    -Dave

     



  • 3.  RE: SRX - IDP Logging

    Posted 07-12-2011 17:10

    Hi Dave,

     

    Yes, exactly.  The customer likes the J-Web and would like to be able to view some log data, specifically IDP-related events.  I agree Syslog is the way to go, which is what I suggested.  Thanks for the reply.


    John



  • 4.  RE: SRX - IDP Logging

    Posted 07-12-2011 18:44

    John,

     

    Looks like I probably won't have a response from PLM by the time this is done, but I've been assured when I do get a response, it will be posted here.  Please "subscribe" to this post, and when we do get an answer, you'll know right away.

     

    -Dave



  • 5.  RE: SRX - IDP Logging
    Best Answer

    Posted 07-12-2011 20:59

    John,

     

    Good news, everyone!  

     

    I just heard from PLM - the enhancements your customer is looking for are scheduled for Branch devices in JunOS 11.4.

     

    I hope it's what your customer is looking for!

     

    -Dave



  • 6.  RE: SRX - IDP Logging

    Posted 10-02-2012 03:22

    Hi Dave,

     

    Thanks for the update.

     

    Which log file do we need to look in for the IDP logs?  And is it possible to only log threats and not block anything?

     

    Please send me the CLI.

     

    Thanks