
"View Logs" Not Working In GUI on SRX 300

‎05-23-2019 09:56 AM

I have an SRX 300, and in the Monitor section under Security > Policy > Activities I can search through the policies. Under the "View Logs" column there is a button to click, but it doesn't show any logs for any of the policies even though I have logging set for session-init and session-close. From what I've read, I need to have the logging type set to "Event Mode" for this to work, but I need to have a copy of the logs continuously sent to a syslog server, so it is currently set to "Stream Mode". I can see the logs through a real-time event viewer on the syslog server, but previously on ScreenOS I could have the traffic logs stream to a syslog server and also view them through the unit's web interface via the same button icon in the policies section. Is there any way to make this work in Junos so logs can be sent to a syslog server and still be available on the local SRX device, or is there no option to save the logs to a local file for searching when in "Stream Mode"? Thank you in advance for your time!

Solution
Accepted by topic author XLII
‎06-10-2019 08:12 AM

Re: "View Logs" Not Working In GUI on SRX 300

‎05-24-2019 12:26 AM

Hi,

On this page,
Monitor / Security / Policy / Activities
Security Policies Monitoring

there is a link on the top right-hand side which says "To enable logs: Goto".

When you click on this, it says:
"To enable logs goto: Monitor > Alarms > Policy Log. Create log to enable the log."

When we go to this page,
Monitor / Alarms / Policy Log
View Policy Log

it says:

Policy Log Not Available
The security log is configured in stream mode
The session logs are sent directly to the log collector and cannot be locally stored.
Please set the log mode to 'Event' to use the page.


When you click on Create Logs,

show system syslog
file policy_session {
    user info;
    match RT_FLOW;
    archive size 1000k world-readable;
    structured-data;
}

Configure / Device Setup / Basic Settings / Logging
Security Logging
It changes the Logging type to Event Mode.


The following KB article explains the difference/trade-off between Event and Stream mode.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB16509&actp=METADATA

With event mode, we could send policy logs to a local file as well as a remote syslog server, but it is recommended only for environments with a low amount of traffic.


Regards,
Pradeep 2xJNCIE(SEC/ENT)

Re: "View Logs" Not Working In GUI on SRX 300

‎06-07-2019 07:07 AM
So sorry for the delayed response. Thank you so much for the information. This is what I needed!