SRX

last person joined: 22 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX Not Logging Traffic

    Posted 04-13-2010 12:20

    Hi All,

     

          Having a bit of a weird issue with my SRX210.  It seems as all traffic logging has recently stopped.  I have an SRX 100 with the exact same syslog configuration and it is logging traffic fine.

     

    I have included the pertinant configs.  * Note I tried withought the file Accepted traffic & blocked traffic, still would not work

     

    user * {
        any emergency;
    }
    file messages {
        any any;
        authorization info;
    }
    file interactive-commands {
        interactive-commands any;
    }
    file accepted-traffic {
        any any;
        match RT_FLOW_SESSION_CREATE;
    }
    file blocked-traffic {
        any any;
        match RT_FLOW_SESSION_DENY;
    }

     

     

    ***********

     

    policy trust-to-untrust {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    utm-policy custom-utm-policy;
                }
            }
            log {
                session-init;
            }
        }
    }

     

    Any have a clue?

     

    Thanks,

     

     


    #logging


  • 2.  RE: SRX Not Logging Traffic

    Posted 04-13-2010 18:43

    Hi,


    Try a "commit full" and if that doesn't work check the available disk space on our box.  I've come across an issue where one of these two stopped logging.

     

    -John



  • 3.  RE: SRX Not Logging Traffic

    Posted 04-14-2010 06:18

    Thanks for the suggestions but both of those dont fix my issue.

     

    I have 24% of storage used and the commit full did not seem to fix it.  Any other idea's?  Can I manually restart the logging deamon.  The system seems to log because I can see my web filter request logs, i just dont see any traffic logs.

     

     



  • 4.  RE: SRX Not Logging Traffic

    Posted 04-14-2010 07:51

    do you need a "session-close" on the policy logging for this.



  • 5.  RE: SRX Not Logging Traffic

    Posted 04-14-2010 07:52

    I dont need one but I did try adding it to see if it worked....it did not.



  • 6.  RE: SRX Not Logging Traffic

    Posted 04-14-2010 08:14

    Did you try adding a deny all rule (with a log statement) to see if that logs properly?



  • 7.  RE: SRX Not Logging Traffic

    Posted 04-14-2010 08:16

    No, Its in production so I cant really do that.  I will update to 10.1 later to see if that fixes it.  This is definatly a glitch because I took  the config and pasted it onto another SRX 210 and the logging works fine.

     

    Thanks for all the suggestions though.

     

     



  • 8.  RE: SRX Not Logging Traffic
    Best Answer

    Posted 04-15-2010 01:41

    Hi,

     

    Just try this "set security log mode event" to force writing logs to file.

     

    Albert



  • 9.  RE: SRX Not Logging Traffic

    Posted 04-15-2010 05:51

    Thanks Albert that fixed the problem right away!



  • 10.  RE: SRX Not Logging Traffic

    Posted 03-17-2011 07:48
    It helped to me too ... Thanks 😉