SRX Services Gateway
Visitor
Highrisesector
Posts: 4
Registered: ‎02-22-2010
0

SRX: No Policy Logs in Web Device Manager

Hello,

 

I've configured some of my policies with logging. But when I enter the Web Device Manager and click on the Logging symbol under Firewall Policies, I cannot see any entries. I've found a knowledge base entry on how to write the policy logs to a separate file. This works very well, but I can't see anything in the WebGui. The problem occurs in Junos 10.1R3 and in 10.2R2.11, too.

What is the problem?

 

 show system syslog
archive size 100k files 3;
user * {
    any emergency;
}
inactive: host 10.130.110.1 {
    security any;
    kernel emergency;
    user any;
    change-log any;
}
file messages {
    any critical;
    authorization info;
}
file interactive-commands {
    interactive-commands error;
}
file traffic-log {
    any any;
    match RT_FLOW_SESSION;
}

[edit]

 

 

show security policies from-zone trust to-zone untrust

 

policy Linux-machines-to-any {
    match {
        source-address Range_linux;
        destination-address any;
        application any;
    }
    then {
        permit;
        log {
            session-close;
        }
    }
}

 

 

Trusted Contributor
rfrederick
Posts: 213
Registered: ‎07-14-2008
0

Re: SRX: No Policy Logs in Web Device Manager

This is a known issue. The logs are being generated, just not wherever the jweb gui is pointing. You can look at your file from the cli or you can download the files via jweb for offline processing. It is a little bit manual for the time being.

Ron
Visitor
Highrisesector
Posts: 4
Registered: ‎02-22-2010
0

Re: SRX: No Policy Logs in Web Device Manager

Thank you for your answer. That means I have to wait until this issue is solved in any future release?!

Trusted Contributor
rfrederick
Posts: 213
Registered: ‎07-14-2008
0

Re: SRX: No Policy Logs in Web Device Manager

Yes, you will have to either wait till it is resolved, use an external syslog server, or live with the alternate log viewing on the box.  My usual solution is using grep to find the logs that match the policy ID I am interested in from the firewall CLI.

 

Ron
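
The grep-by-policy approach described in the reply above, turned into an offline summary for log files downloaded from the device. This is an added example, not code from any poster or from Juniper; the sample lines are constructed, and the unstructured RT_FLOW_SESSION_CLOSE field layout they follow is an assumption that differs between Junos releases.

```python
import re
from collections import Counter

# Constructed sample of a traffic-log file (unstructured format, assumed layout).
SAMPLE_LOG = """\
Feb 22 10:01:07 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 10.1.1.20/40312->192.0.2.10/443 junos-https 198.51.100.1/2044->192.0.2.10/443 src-nat N/A 6 Linux-machines-to-any trust untrust 4101 12(1840) 10(5200) 3
Feb 22 10:02:30 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed idle Timeout: 10.1.1.21/53110->192.0.2.53/53 junos-dns-udp 198.51.100.1/2051->192.0.2.53/53 src-nat N/A 17 Linux-machines-to-any trust untrust 4102 1(64) 1(120) 60
Feb 22 10:03:02 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP RST: 10.1.1.30/41000->192.0.2.21/21 junos-ftp 198.51.100.1/2060->192.0.2.21/21 src-nat N/A 6 Linux-machines-to-any-ftp trust untrust 4103 5(300) 4(280) 1
Feb 22 10:03:05 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.1.1.20/40313->192.0.2.10/443 junos-https 198.51.100.1/2045->192.0.2.10/443 src-nat N/A 6 Linux-machines-to-any trust untrust 4104
"""

# Close reason, then the pre-NAT flow; everything after it is kept as "rest".
CLOSE_RE = re.compile(
    r"RT_FLOW_SESSION_CLOSE: session closed (?P<reason>[^:]+): "
    r"(?P<src>[^/\s]+)/(?P<sport>\d+)->(?P<dst>[^/\s]+)/(?P<dport>\d+) (?P<rest>.*)"
)


def sessions_for_policy(log_text, policy):
    """Return (reason, src, dst, dport) for each closed session logged under `policy`."""
    hits = []
    for line in log_text.splitlines():
        m = CLOSE_RE.search(line)
        # Compare whole tokens: a substring match (plain grep) would also
        # return longer policy names that merely start with `policy`.
        # Assumes no zone or application shares the policy's name.
        if m and policy in m["rest"].split():
            hits.append((m["reason"], m["src"], m["dst"], int(m["dport"])))
    return hits


def summarize(hits):
    """Count sessions per close reason and per destination address/port."""
    reasons = Counter(reason for reason, _, _, _ in hits)
    dests = Counter((dst, dport) for _, _, dst, dport in hits)
    return reasons, dests


if __name__ == "__main__":
    found = sessions_for_policy(SAMPLE_LOG, "Linux-machines-to-any")
    by_reason, by_dest = summarize(found)
    print(len(found), "closed sessions")
    print(dict(by_reason))
    print(dict(by_dest))
```

A policy that returns zero hits here although it has `log session-close` configured is not reaching the file at all, which separates a logging problem from a viewer problem.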

Contributor
jamoi
Posts: 25
Registered: ‎01-15-2008
0

Re: SRX: No Policy Logs in Web Device Manager

Anyone know if this has been fixed in 10.4?

Thanks!

Super Contributor
colemtb
Posts: 313
Registered: ‎09-30-2009
0

Re: SRX: No Policy Logs in Web Device Manager

Nope.  As in no logging information present.

Contributor
Deimark
Posts: 41
Registered: ‎08-05-2009
0

Re: SRX: No Policy Logs in Web Device Manager

Anyone know if this is fixed in 10.4R3?

 

Having a tough time explaining to the customer that his new all singing and dancing firewall can't even show logs in Jweb.  :smileymad:

--
DM

JNCIP-SEC, JNCIP-ENT, JNCIS-SEC, JNCIS-ENT, JNCIS-FWV, JNCIS-SSL,JNCIA-AC, JNCIA-IDP

-----------
The art of diplomacy is saying "nice doggy" til you can find a rock.
Juniper Employee
bnagwani
Posts: 4
Registered: ‎10-27-2010
0

Re: SRX: No Policy Logs in Web Device Manager

Go to Monitor/Events and Alarms/Security events. See if the log file(s) configured is being detected by the page. If not, the "Create log configuration" will be enabled. When you click on it, it creates the proper syslog config and you can start seeing logs.

 

The important thing is the world readable attribute should be set.

 

This is a sample

 

# show | compare rollback 1
[edit system syslog]
     file inter { ... }
+    file policy_session {
+        user info;
+        match RT_FLOW;
+        archive size 1000k world-readable;
+        structured-data;
+    }
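
Review bot: `world-readable` on the `archive` line of the new `file policy_session` stanza makes the session log readable by every local login on the device, so it is worth documenting that this is deliberate (the post names it as the attribute the J-Web viewer needs) and keeping it on this one file rather than on a syslog-wide archive statement. The same line sets `size 1000k` but no `files` count, so state the intended retention explicitly, in the way the first post's top-level `archive size 100k files 3;` does.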

 

Regards

Contributor
Deimark
Posts: 41
Registered: ‎08-05-2009
0

Re: SRX: No Policy Logs in Web Device Manager

w00t!

 

Adding the world readable parameter solved my issue here, I now see logs within the log viewer in Jweb.

 

Note, I am using 10.2R3.10

 

Cuddles

 

DM

--
DM

JNCIP-SEC, JNCIP-ENT, JNCIS-SEC, JNCIS-ENT, JNCIS-FWV, JNCIS-SSL,JNCIA-AC, JNCIA-IDP

-----------
The art of diplomacy is saying "nice doggy" til you can find a rock.
Contributor
Deimark
Posts: 41
Registered: ‎08-05-2009
0

Re: SRX: No Policy Logs in Web Device Manager

Oops, I spoke too soon.

 

I can get logs for some policies but not for others.

 

Basically I can see the logs in my custom traffic-log file when viewed from the CLI, and this does seem to reflect the correct policy and zonal match; however, when I click on the log icon in the security policy page, I get nothing returned.

 

Are there any caveats to what we can log successfully?  At the moment I am logging on session-close and have been waiting a while for all the sessions to time out fully.

--
DM

JNCIP-SEC, JNCIP-ENT, JNCIS-SEC, JNCIS-ENT, JNCIS-FWV, JNCIS-SSL,JNCIA-AC, JNCIA-IDP

-----------
The art of diplomacy is saying "nice doggy" til you can find a rock.