Hi, I set up sending nat event logs to an external server, here is my config:
service-set NAT {
syslog {
host 1.1.1.1 {
services any;
class {
session-logs {
open;
}
nat-logs;
}
source-address 172.31.255.1;
}
}
nat-rules FIRST_RULE;
next-hop-service {
inside-service-interface ms-0/2/0.4090;
outside-service-interface ms-0/2/0.4091;
}
}
but on the server I see only a few messages in 15 minutes, while in the output of the command there are a lot more messages:
Interface: ms-0/2/0
Service-set: NAT
Host: 1.1.1.1
Sent: 1106614
Dropped: 868159
Session open logs:
Sent: 694117
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
Session close logs:
Sent: 0
Dropped: 692504 (low priority: 0, none severity: 0, no class set: 692504, above rate limit: 0)
Packet logs:
Sent: 0
Dropped: 175655 (low priority: 0, none severity: 0, no class set: 175655, above rate limit: 0)
Stateful firewall logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
ALG logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
NAT logs:
Sent: 412497
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
IDS logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
PCP MAP logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
PCP protocol logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
PCP protocol error logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
PCP debug logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
HA open sync logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
HA close sync logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
DET_NAT_CONFIG logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
URL Filtering logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
Other logs:
Sent: 0
Dropped: 0 (low priority: 0, none severity: 0, no class set: 0, above rate limit: 0)
test@TEST> show configuration interfaces ms-0/2/0
unit 0 {
family inet {
address 172.31.255.1/32;
}
}
which I do wrong ?