SRX Services Gateway
Regular Visitor
Posts: 7
Registered: ‎02-25-2013
0 Kudos
Accepted Solution

Syslog format

I've configured syslog for configuration changes to be logged on a remote server. Below is my config:

 

set system syslog host 10.10.10.10 any critical
set system syslog host 10.10.10.10 authorization any
set system syslog host 10.10.10.10 user critical
set system syslog host 10.10.10.10 change-log any
set system syslog host 10.10.10.10 source-address 10.20.20.20
set system syslog host 10.10.10.10 structured-data

 

I changed the config on the SRX and received the following messages on the syslog server:

2017-05-18 15:03:59 Local6.Info 10.202.30.40 1 2017-05-18T15:03:59.506-06:00 SRXVPN01 mgd 93743 UI_CFG_AUDIT_OTHER [junos@2636.1.1.1.2.39 username="admin_xxxxxxxx" action="set" pathname="[system services telnet\]" delimiter="" value=""] User 'admin_xxxxxxxx' set: [system services telnet]
2017-05-18 15:04:51 Local6.Info 10.202.30.40 1 2017-05-18T15:04:51.648-06:00 SRXVPN01 mgd 93743 UI_CFG_AUDIT_OTHER [junos@2636.1.1.1.2.39 username="admin_xxxxxxxx" action="delete" pathname="[system services telnet\]" delimiter="" value=""] User 'admin_xxxxxxxx' delete: [system services telnet] 

 

The syslog messages don't have the source address of the machine that changes the config. The 10.202.30.40 address is the management address of the SRX.

Am I missing something in the config?

 

Recognized Expert
Posts: 128
Registered: ‎12-10-2013
0 Kudos

Re: Syslog format

Is the configured syslog source address defined on the SRX?

If not, I assume that this is the reason for the SRX to change to the loopback address.

 

regards

 

alexander

Recognized Expert
Posts: 199
Registered: ‎04-03-2015
0 Kudos

Re: Syslog format

Hi,

 

The details of the syslog message are mentioned in the following link:

https://apps.juniper.net/syslog-explorer/#message=UI_CFG_AUDIT_OTHER&product=Junos%20OS&release=17.1

 

This does not contain the IP address of the machine from where the changes are being made. It notes the username.

 

HTH!

 

Regards,

Sahil Sharma

Please mark my response as Solution if it Helps, Kudos are Appreciated as well.
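
An added example, not part of any post in this thread: a small parser for the structured-data element of the UI_CFG_AUDIT_OTHER messages quoted above, which handles the escaped `\]` inside `pathname` and confirms that neither the parameters nor the message text carry a client address. The names `parse` and `addresses_in` are hypothetical, and the sample lines are the thread's two messages with the collector's own prefix removed.

```python
import re

# Constructed sample input: the two messages quoted in the thread, with the
# collector's prefix (date, Local6.Info, relay address) removed.
SD = (r'[junos@2636.1.1.1.2.39 username="admin_xxxxxxxx" action="%s" '
      r'pathname="[system services telnet\]" delimiter="" value=""]')
SAMPLES = [
    "1 2017-05-18T15:03:59.506-06:00 SRXVPN01 mgd 93743 UI_CFG_AUDIT_OTHER "
    + SD % "set" + " User 'admin_xxxxxxxx' set: [system services telnet]",
    "1 2017-05-18T15:04:51.648-06:00 SRXVPN01 mgd 93743 UI_CFG_AUDIT_OTHER "
    + SD % "delete" + " User 'admin_xxxxxxxx' delete: [system services telnet]",
]

# RFC 5424 header after PRI: VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID
HEADER = re.compile(r'1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
                    r'(?P<pid>\S+) (?P<msgid>\S+) ')
SD_ID = re.compile(r'\[([^\s="\]]+)')
# A PARAM-VALUE may contain \" \\ and \] escapes, so a bare "]" search would
# cut the element short at pathname="[system services telnet\]".
PARAM = re.compile(r' ([^\s="\]]+)="((?:\\.|[^"\\\]])*)"')
IPV4 = re.compile(r'\b\d{1,3}(?:\.\d{1,3}){3}\b')


def parse(line):
    """Split one message into header fields, SD-ID, SD params and MSG text."""
    head = HEADER.match(line)
    sd = head and SD_ID.match(line, head.end())
    if not sd:
        raise ValueError("not an RFC 5424 message with structured data")
    rec, params, pos = head.groupdict(), {}, sd.end()
    while (p := PARAM.match(line, pos)):
        # Undo only the three escapes RFC 5424 defines.
        params[p.group(1)] = re.sub(r'\\(["\\\]])', r'\1', p.group(2))
        pos = p.end()
    if line[pos:pos + 1] != "]":
        raise ValueError("unterminated structured-data element")
    rec.update(sd_id=sd.group(1), params=params, msg=line[pos + 2:])
    return rec


def addresses_in(rec):
    """IPv4 addresses found in the SD params or MSG text (SD-ID excluded)."""
    return IPV4.findall(" ".join(rec["params"].values()) + " " + rec["msg"])


if __name__ == "__main__":
    for r in map(parse, SAMPLES):
        p = r["params"]
        print(r["ts"], p["username"], p["action"], p["pathname"], addresses_in(r))
```
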

Regular Visitor
Posts: 7
Registered: ‎02-25-2013
0 Kudos

Re: Syslog format

Yes, the source address is defined in the SRX. They are all in the same VR.