SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  log messages stopped generating logs

    Posted 03-19-2015 19:12

    When i do a show log messages on SRX3400 it shows logs only upto Dec 2014 there has been no major changes on the firewall other than policy changes. Is there any way to restart this loging deamon ?



  • 2.  RE: log messages stopped generating logs

     
    Posted 03-19-2015 22:11

    Hi chillipepper,

     

    Please use below command to restart the looging daemon eventd

     

    SRX>restart event-processing

     

    Thanks,

    Suraj

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too



  • 3.  RE: log messages stopped generating logs

    Posted 03-23-2015 16:50

    That still didnt help... still not seeing the sshd or check logging logs in the messages.



  • 4.  RE: log messages stopped generating logs

     
    Posted 03-23-2015 23:43

    Can you share your configuration and Junos versions?

     

    srx> show configuration system syslog 

     

     



  • 5.  RE: log messages stopped generating logs

    Posted 03-24-2015 16:49

    --- JUNOS 12.1X44-D45.2

     

    set system syslog archive size 100k
    set system syslog archive files 3
    set system syslog user * any alert
    set system syslog user * daemon critical
    set system syslog user * interactive-commands error
    set system syslog host 10.10.120.161 any any
    set system syslog host 10.10.120.162 any any
    set system syslog file messages any info
    set system syslog file messages authorization info
    set system syslog file messages match RT_Screen
    set system syslog file interactive-commands interactive-commands error
    set system syslog file traffic-log any alert
    set system syslog file traffic-log match RT_FLOW_SESSION
    set system syslog file default-log any warning
    set system syslog file policy_session user info
    set system syslog file policy_session match RT_FLOW
    set system syslog file policy_session archive size 1000k
    set system syslog file policy_session archive world-readable
    set system syslog file policy_session structured-data

     

    It looks like some logs are present in default-logs  but those are  mostly the FPC and inetd logs



  • 6.  RE: log messages stopped generating logs
    Best Answer

     
    Posted 03-24-2015 21:52

    Hi chillipepper,

     

    As per your configuration, login messages are supposed to log in messages file. But you have specified match condition as RT_Screen , hence authorization info will not be logged to messages file. Please remove the match condition from messages file and check.

     

    #delete system syslog file messages match RT_Screen

    #commit



  • 7.  RE: log messages stopped generating logs

    Posted 03-25-2015 16:21

    That Worked... thanks



  • 8.  RE: log messages stopped generating logs

    Posted 03-26-2015 15:12

    Hi rsuraj

     

    As suggested by you i deleted system syslog file messages match RT_Screen that brought the logs back but now am seeing RT_FLOW session also being shown when i do show log messages.  How do i stop them from being shown in log messages and only send them to the configured syslog server ? 



  • 9.  RE: log messages stopped generating logs

     
    Posted 03-27-2015 05:55

    Hi chillipepper,

     

    Please add the below configuration to filetr RT_FLOW logs.

     

    #set system syslog file messages match "!(.*RT_FLOW*)"

    #commit



  • 10.  RE: log messages stopped generating logs

    Posted 04-02-2015 13:38

    Thanks that solved the issue