SRX

Hello,

I encounter some trouble with syslog on my SRX3600 Cluster.

I would like to log all the session-init on syslog.

So , I use the following configuration :

    policy ALLOW {        

match {            

source-address any;            

destination-address any;          

 application any;      

 }        

then {            

permit;          

 log {                

session-init;          

}      

 }

user * {    

any emergency;

}

file traffic-log {    

user any;

}

node0:

Model: srx3600

JUNOS Software Release [10.4R3.4]
node1:

Model: srx3600

JUNOS Software Release [10.4R3.4]

When a session is open there is no log in the file traffic-log correspinding to the rule in the syslog configuration.

For information, I also have trouble with kmd log for IPSEC.

When a negociation start, there is no log in the kmd file.

I have a problem but I don't know where to look.

I have a second SRX3600 Cluster with JUNOS 10.2S5.3.

I use the same configuration and the syslog works fine.

Someone have an idea ?

Thanks.

To log traffic on the SRX3k series you will either need to setup 'security log stream' for remote logging or direct traffic logs from the data-plane to the control plane for local logging.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16506

I forgot  the state "mode event" in security log.

It's not really clear in the KB but It help me.

I assumed it was cause by an issue between the data-plane and the control plane.

I just forgot to check that.

Thanks.