Junos Space Developer

Junos Security Log Director - not parsing log 'RT_IDS: RT_SCREEN_UDP'

02-12-2018 11:15 AM



I've recently deployed an SD distributed log collector solution (v17). The log receiver is getting all logs from the SRX devices, and I can see the logs on Junos Space, but when I look for the same logs inside Security Director > Monitor > All Events, I'm missing this type of log:

RT_IDS: RT_SCREEN_UDP: UDP flood! source:, destination:, zone name: FW_CON, interface name: reth0.106, action: alarm-without-drop


To be fair, it's the only log that is not in the UI; I can see all the rest, and I can't generate any other log for testing, since the devices are in a production environment.


Any light on the matter? Is it SD's normal behavior not to parse this kind of log?


Thanks in advance

Junos Space Developer
Accepted by topic author Narkissus
02-13-2018 08:43 AM

Re: Junos Security Log Director - not parsing log 'RT_IDS: RT_SCREEN_UDP'

02-13-2018 08:42 AM

JTAC made me notice I was using the wrong format under the stream configuration.


root@dev> show configuration security log
mode stream;
format sd-syslog;
source-address #myIp;
stream streamlog {
    severity info;
    format sd-syslog;    /* previously syslog, changed to sd-syslog */
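The fix above only works if every stream that feeds Security Director carries the sd-syslog format, so the check a practitioner would want is a quick audit of the security log stanza before opening a JTAC case. The following script is an added example, not code from the poster or from Juniper: it parses the curly-brace output of show configuration security log and reports any stream whose format is not sd-syslog. The sample config is constructed to mirror the thread (top-level format already sd-syslog, but one stream still on syslog); the addresses and the second stream name are placeholders, and the rule that a stream without its own format line falls back to the top-level format is an assumption made here, not something the thread states.

```python
"""Audit a Junos 'security log' stanza for streams that Security Director
will not parse because their format is not sd-syslog.

Added example (not from the thread or from Juniper). The config text is
constructed; addresses and stream names are placeholders.
"""

import re

REQUIRED_FORMAT = "sd-syslog"

# Constructed sample: top-level format is already sd-syslog, but the first
# stream still carries 'format syslog', the misconfiguration from the thread.
SAMPLE_CONFIG = """\
mode stream;
format sd-syslog;
source-address 192.0.2.10;
stream streamlog {
    severity info;
    format syslog;
    host {
        192.0.2.20;
    }
}
stream sd-stream {
    severity info;
    format sd-syslog;
    host {
        192.0.2.21;
    }
}
"""


def parse_junos_stanza(text):
    """Parse Junos curly-brace configuration text into nested dicts.

    'key value;' becomes a string leaf, 'key {' or 'key name {' opens a
    nested dict keyed by the full header text, and a bare 'value;' inside
    a block (e.g. a host address) is stored with a None value.
    '#' line comments and '/* */' block comments are dropped.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        elif line.endswith(";"):
            parts = line[:-1].split(None, 1)
            stack[-1][parts[0]] = parts[1].strip() if len(parts) > 1 else None
    return root


def stream_format_findings(config_text):
    """Return (stream_name, effective_format, where_set) for every stream
    whose effective format is not sd-syslog.

    where_set is 'stream' when the stream has its own format line and
    'top-level' when it does not. Assumption: a stream without its own
    format line inherits the top-level 'format' value.
    """
    cfg = parse_junos_stanza(config_text)
    top_format = cfg.get("format")
    findings = []
    for key, node in cfg.items():
        if not key.startswith("stream ") or not isinstance(node, dict):
            continue
        name = key.split(None, 1)[1]
        own_format = node.get("format")
        if own_format is None:
            effective, where_set = top_format, "top-level"
        else:
            effective, where_set = own_format, "stream"
        if effective != REQUIRED_FORMAT:
            findings.append((name, effective, where_set))
    return findings


if __name__ == "__main__":
    for name, fmt, where_set in stream_format_findings(SAMPLE_CONFIG):
        print(f"stream {name}: format {fmt!r} ({where_set}) is not {REQUIRED_FORMAT}")
```

Feed it the text of show configuration security log from each SRX (or the candidate config before commit) and an empty result means every stream is on the format the log collector expects; a non-empty result names the stream to fix, which in the thread's case would have been streamlog.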