Junos
Junos

Juniper SRX syslog stream mode problem

‎12-10-2017 06:26 AM

hi  guys

My Juniper SRX 550 (A/S HA mode) send syslog to Centos rsyslog in stream mode .

When i view the real log in Centos display below(just dispaly title)

Dec 10 22:24:24 YZ-FW-A RT_FLOW
Dec 10 22:24:24 YZ-FW-A RT_FLOW
Dec 10 22:24:24 YZ-FW-A RT_FLOW
Dec 10 22:24:24 YZ-FW-A RT_FLOW
Dec 10 22:24:24 YZ-FW-A RT_FLOW
Dec 10 22:24:24 YZ-FW-A RT_FLOW
Dec 10 22:24:24 YZ-FW-A RT_FLOW
Dec 10 22:24:24 YZ-FW-A RT_FLOW
Dec 10 22:24:24 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:27 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW
Dec 10 22:24:28 YZ-FW-A RT_FLOW

 

My Filewall syslog config

 

{primary:node0}[edit security log]
public@YZ-FW-A# show
mode stream;
format sd-syslog;
source-address 172.19.1.129;
stream sec {
severity debug;
format sd-syslog;
category all;
host {
192.168.66.115;
}
}

Firewall Routing-table

public@YZ-FW-A# run show route 192.168.66.115

inet.0: 79 destinations, 121 routes (79 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.66.0/24 *[Static/5] 2d 03:32:20
> via st0.0
[Static/100] 6d 02:10:09
> via st0.1

 

Please help

 

3 REPLIES 3
Junos
Solution
Accepted by topic author catalyst@juniper
‎12-10-2017 11:50 PM

Re: Juniper SRX syslog stream mode problem

‎12-10-2017 06:55 AM
Can you use any other syslog server to verify if this is server issue or not. It looks like some diplay filter issue on server.
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Junos

Re: Juniper SRX syslog stream mode problem

‎12-10-2017 07:11 AM

The Centos iptables filter INPUT and OUTPUT is ACCEPT.

 

when i change then format "syslog" on the SRX,that normal.

 

why format "sd-syslog" not display on Cenots rsyslog.. 

Junos

Re: Juniper SRX syslog stream mode problem

‎12-10-2017 11:52 PM