02-15-2011 05:30 AM
Hello,
What is the best way to log NAT sessions to a remote syslog with an SRX 3600?
Thank you.
02-15-2011 07:44 AM - edited 02-15-2011 12:34 PM
If it's STRM you can create a custom filter from zone trust to untrust and put that in a report... Otherwise, under the session RT_FLOW_SESSION_CREATE information that is sent you should have the following information...
src-nat-rule-name="None" dst-nat-rule-name="None"
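On the collector side, the two rule-name fields quoted above are enough to separate NAT-translated sessions from the rest. This is an added example, not part of the original thread: the sample lines are constructed, and every field name other than `src-nat-rule-name` and `dst-nat-rule-name` is an assumption about the structured-data layout.

```python
import re

# Constructed sample lines in sd-syslog style. Addresses, rule names and the
# junos@... SD-ID are made up; only the two *-nat-rule-name fields and the
# RT_FLOW_SESSION_* tags come from the thread, other field names are assumed.
def _line(tag, src, nat_src, src_rule, dst_rule="None"):
    return (f'<14>1 2011-02-15T12:30:01Z srx3600 RT_FLOW - {tag} '
            f'[junos@2636.1.1.1.2.35 source-address="{src}" source-port="51000" '
            f'destination-address="198.51.100.7" destination-port="443" '
            f'nat-source-address="{nat_src}" nat-source-port="20480" '
            f'src-nat-rule-name="{src_rule}" dst-nat-rule-name="{dst_rule}"]')

SAMPLE_LINES = [
    _line("RT_FLOW_SESSION_CREATE", "10.1.1.5", "203.0.113.10", "trust-to-untrust"),
    _line("RT_FLOW_SESSION_CREATE", "10.1.1.6", "10.1.1.6", "None"),
    _line("RT_FLOW_SESSION_CLOSE", "10.1.1.5", "203.0.113.10", "trust-to-untrust"),
    "<30>1 2011-02-15T12:30:02Z srx3600 mgd - UI_COMMIT - commit complete",
]

EVENT = re.compile(r'\b(RT_FLOW_SESSION_[A-Z_]+)\b')
PARAM = re.compile(r'([\w.-]+)="((?:[^"\\]|\\.)*)"')  # RFC 5424 SD-PARAM

def parse_flow_event(line):
    """Return (tag, fields) for an RT_FLOW_SESSION_* line, else None."""
    m = EVENT.search(line)
    if not m:
        return None
    return m.group(1), dict(PARAM.findall(line[m.end():]))

def nat_sessions(lines):
    """Session-create events where a source or destination NAT rule matched."""
    hits = []
    for line in lines:
        parsed = parse_flow_event(line)
        if not parsed or parsed[0] != "RT_FLOW_SESSION_CREATE":
            continue
        f = parsed[1]
        rules = (f.get("src-nat-rule-name", "None"), f.get("dst-nat-rule-name", "None"))
        if rules == ("None", "None"):
            continue  # session was created without any NAT rule
        hits.append({
            "source": f'{f.get("source-address")}:{f.get("source-port")}',
            "nat_source": f'{f.get("nat-source-address")}:{f.get("nat-source-port")}',
            "src_rule": rules[0], "dst_rule": rules[1],
        })
    return hits

if __name__ == "__main__":
    for hit in nat_sessions(SAMPLE_LINES):
        print(hit)
```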
02-15-2011 12:10 PM
I already got that.
My problem is about logging with a remote syslog. Don't want to log into a file.
02-15-2011 12:30 PM - edited 02-15-2011 12:33 PM
Under system log to a host. The host is the IP you want to log to.
syslog {
    host X.X.X.X {
        any any;
        match "RT_FLOW_SESSION_CREATE|RT_FLOW_SESSION_DENY|RT_FLOW_SESSION_CLOSE|RT_IDP";
    }
}
02-16-2011 12:31 AM
Hi, on an SRX firewall device you do it like this: under the security log stanza you can configure this:
show configuration security log
02-16-2011 05:22 AM
Yeah, second that, Stream is the way to go. You will get tons more information than just syslog on match statement.