
syslog for some of the logged policies but not all of the logged policies

‎01-27-2017 01:14 PM

Hello J-Net members, 

 

I need help sending traffic logs of some specific policies to one of my syslog servers. The thing is, there are some policies on which logging is enabled, but I do not want those logs to be sent to my new syslog server. Any thoughts on how to do it?

 

Many thanks .


Re: syslog for some of the logged policies but not all of the logged policies

‎01-27-2017 10:56 PM

You can do that if you are using event-mode (#show security log can tell you if you are using stream; if nothing is there, it's event mode).

 

Under your syslog config you can use a match condition like "RT_FLOW + Policy-Name" for which you need the logs on the server.

[edit]
root# show system syslog
host 1.1.1.1 {
    any any;
    match "(RT_FLOW|Policy-Name)";  ===> This is not correct regex, you may have to correct it
}

 

https://www.juniper.net/documentation/en_US/junos15.1/topics/task/configuration/syslog-regular-expre...

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
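
One way to build and check such a match expression before committing it, as an added example (not part of the reply above and not Juniper's code). It assumes the default non-structured RT_FLOW message format, where the policy name is a space-delimited field; the policy names, addresses, sample messages and helper functions are hypothetical.

```python
import re

# Assumption: policy names use only these characters, so they need no
# escaping and stay valid in the regex syntax accepted by "match".
_NAME_OK = re.compile(r"^[A-Za-z0-9_-]+$")


def build_match(policies):
    """Return a pattern that requires RT_FLOW plus one listed policy name."""
    bad = [p for p in policies if not _NAME_OK.match(p)]
    if not policies or bad:
        raise ValueError(f"unsupported policy names: {bad}")
    # Spaces around the alternation stop WEB-OUT from also matching
    # WEB-OUT-GUEST (the name is a space-delimited field in the message).
    return "RT_FLOW.* (" + "|".join(policies) + ") "


def forwarded(pattern, lines):
    """Return the lines the pattern would select for the syslog host."""
    rx = re.compile(pattern)
    return [ln for ln in lines if rx.search(ln)]


# Constructed sample messages (hypothetical policy names and addresses).
SAMPLE = [
    "Jan 27 10:00:01 fw RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
    "10.0.0.5/40001->192.0.2.10/443 junos-https 10.0.0.5/40001->192.0.2.10/443 "
    "None None 6 WEB-OUT trust untrust 1001 N/A(N/A) ge-0/0/1.0",
    "Jan 27 10:00:02 fw RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
    "10.9.0.5/40002->192.0.2.10/443 junos-https 10.9.0.5/40002->192.0.2.10/443 "
    "None None 6 WEB-OUT-GUEST guest untrust 1002 N/A(N/A) ge-0/0/2.0",
    "Jan 27 10:00:03 fw RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
    "10.0.0.7/53001->192.0.2.53/53 junos-dns-udp 10.0.0.7/53001->192.0.2.53/53 "
    "None None 17 DNS-OUT trust untrust 1003 N/A(N/A) ge-0/0/1.0",
    "Jan 27 10:00:04 fw mgd[1500]: UI_CFG_AUDIT_SET: User 'admin' set: "
    "policy WEB-OUT then log",
]

if __name__ == "__main__":
    pat = build_match(["WEB-OUT", "DNS-OUT"])
    print(f'match "{pat}";')  # line to place under the syslog host
    for ln in forwarded(pat, SAMPLE):
        print(ln)
```

If a zone or application shares its name with a listed policy, its sessions will match as well, because the pattern only looks for the name as a field somewhere after RT_FLOW.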