SRX Services Gateway
Contributor
eugoegd
Posts: 18
Registered: ‎08-07-2010

logging nat sessions

Hello,

 

What is the best way to log NAT sessions to a remote syslog with an SRX 3600?

 

Thank you.

 

Super Contributor
colemtb
Posts: 311
Registered: ‎09-30-2009

Re: logging nat sessions

If it's STRM you can create a custom filter from zone trust to untrust and put that in a report... Otherwise, under the session RT_FLOW_SESSION_CREATE information that is sent you should have the following information:

 

src-nat-rule-name="None" dst-nat-rule-name="None"

 

 

Contributor
eugoegd
Posts: 18
Registered: ‎08-07-2010

Re: logging nat sessions

I already got that.

My problem is about logging with a remote syslog. Don't want to log into a file.

 

Super Contributor
colemtb
Posts: 311
Registered: ‎09-30-2009

Re: logging nat sessions

Under system log to a host.  The host is the IP you want to log to.

 

syslog {
    host X.X.X.X {
        any any;
        match "RT_FLOW_SESSION_CREATE|RT_FLOW_SESSION_DENY|RT_FLOW_SESSION_CLOSE|RT_IDP";
    }
}

Contributor
WiserRonin
Posts: 19
Registered: ‎01-08-2010

Re: logging nat sessions

Hi, on an SRX firewall device you do it like this: under the security log stanza you can configure this:

 

show configuration security log 

 

mode stream;
format syslog;
source-address X.X.X.X;
stream logserver {
    host {
        X.X.X.X;
    }
}

This will render a syslog stream to your logserver with all the sessions generated at your firewall device.
-John

 

Super Contributor
colemtb
Posts: 311
Registered: ‎09-30-2009

Re: logging nat sessions

Yeah, second that, stream is the way to go. You will get tons more information than just syslog on a match statement.
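Once the session logs reach the remote server, the NAT fields mentioned earlier in the thread can be used to tie a translated address back to the inside host. The following is an added example, not code from any poster or from Juniper: it parses key="value" session-create lines and keeps only sessions where a NAT rule matched. The sample lines, the rule name and every field name other than src-nat-rule-name and dst-nat-rule-name are assumptions.

```python
import re

# Constructed sample lines in the key="value" style quoted in the thread.
# Only src-nat-rule-name and dst-nat-rule-name appear on the page; the other
# field names are assumptions, so match them to what your SRX actually sends.
SAMPLE_LINES = [
    'RT_FLOW_SESSION_CREATE source-address="192.0.2.5" source-port="51000" '
    'destination-address="198.51.100.7" destination-port="443" '
    'nat-source-address="203.0.113.10" nat-source-port="12345" '
    'src-nat-rule-name="snat-out" dst-nat-rule-name="None"',
    'RT_FLOW_SESSION_CREATE source-address="192.0.2.6" source-port="40000" '
    'destination-address="192.0.2.9" destination-port="22" '
    'nat-source-address="192.0.2.6" nat-source-port="40000" '
    'src-nat-rule-name="None" dst-nat-rule-name="None"',
    'RT_FLOW_SESSION_CLOSE source-address="192.0.2.5" '
    'src-nat-rule-name="snat-out" dst-nat-rule-name="None"',
    'sshd[1234]: Accepted publickey for admin',
]

PAIR = re.compile(r'([\w-]+)="([^"]*)"')


def nat_translations(lines):
    """Return one record per session-create line on which a NAT rule matched."""
    records = []
    for line in lines:
        if "RT_FLOW_SESSION_CREATE" not in line:
            continue  # close/deny events and unrelated syslog noise
        f = dict(PAIR.findall(line))
        rules = (f.get("src-nat-rule-name", "None"),
                 f.get("dst-nat-rule-name", "None"))
        if rules == ("None", "None"):
            continue  # session created without translation
        records.append({
            "inside": f'{f.get("source-address")}:{f.get("source-port")}',
            "translated": f'{f.get("nat-source-address")}:{f.get("nat-source-port")}',
            "destination": f'{f.get("destination-address")}:{f.get("destination-port")}',
            "src_rule": rules[0],
            "dst_rule": rules[1],
        })
    return records


if __name__ == "__main__":
    for rec in nat_translations(SAMPLE_LINES):
        print(rec)
```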
