SRX Services Gateway

Configuring_Security_Logs_on SRX_220_320_With_External_Syslog_Server

‎08-04-2019 07:26 AM

Hello All,

Just need your inputs here with configuring SRX 220, 320 to send the Security (traffic) & system logs to an External Syslog Server.

I tried a couple of ways but don't seem to be getting through. Kindly help with the same.

 

Regards

shaan


Re: Configuring_Security_Logs_on SRX_220_320_With_External_Syslog_Server

‎08-04-2019 08:02 AM

I assume you are following an example like this one.

 

https://www.juniper.net/documentation/en_US/junos/topics/example/syslog-single-chassis-system-config...

 

Can you share the config details and whether or not the logs show up in a local file configuration?

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: Configuring_Security_Logs_on SRX_220_320_With_External_Syslog_Server

‎08-04-2019 09:10 AM

Hey Shaan,

 

Please follow the KB articles for sending the System logs and Traffic logs to the External Server.

 

SRX Getting Started - Configure Traffic Logging (Security Policy Logs) for SRX Branch Devices: 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB16509

 

SRX Getting Started - Configure System Logging:

https://kb.juniper.net/InfoCenter/index?page=content&id=kb16502

 

Let me know if you face any difficulties.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

Re: Configuring_Security_Logs_on SRX_220_320_With_External_Syslog_Server

‎08-04-2019 09:15 AM

Hello Spuluka,

I don't have the configuration on the devices as of now, as it's a live or production site, so I was testing with commit confirmed to be on the safer side, as I am not sure about the size of the log file that would be created.

Just to explain the scenario:

I have a pair of SRX 320 or SRX 220 in an HA setup and, in simpler terms, I have untrust & trust zones. The trust zone is where I have the syslog server connected, and both FWs are able to reach the syslog server on the trust network. I am attaching a diagram just for your reference.

 

Regards

shaan


Re: Configuring_Security_Logs_on SRX_220_320_With_External_Syslog_Server

‎08-04-2019 09:18 AM

Hello Noobmaster,

I did follow this for SRX 220 but then it didn't work.

 

Regards

shaan


Re: Configuring_Security_Logs_on SRX_220_320_With_External_Syslog_Server

‎08-04-2019 09:26 AM

Shaan,

 

Are you facing issues for both system logs and traffic logs?

 

If so, please send me the configuration which you've implemented.

 

user@host> show configuration system syslog | display set

user@host> show configuration security log | display set

user@host> show configuration security policies | display set

user@host> show chassis routing-engine

user@host> show system storage



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Solution
Accepted by topic author shaan129
‎09-18-2019 12:12 AM

Re: Configuring_Security_Logs_on SRX_220_320_With_External_Syslog_Server

‎08-04-2019 10:16 AM

Hi Shaan,

 

In your Syslog configuration, you didn't specify the external server to which the logs need to be sent. Rather you've configured it to save the Syslog locally onto the SRX.

 

You need to include the below line to send the system logs to the external server.

 

Syntax:

user@host# set system syslog host <IP address> <facility> <severity>

user@host# commit

 

Example:

user@host# set system syslog host 192.168.11.1 any any

user@host# commit

 

NOTE: 192.168.11.1 is the IP address of my External Syslog server where I would like to receive the logs.

Second, I reviewed your traffic logging configuration as well and you've missed a line. Please include the following line and let me know the behavior.

 

Example:

user@host# set security log stream FI_Syslog category all

 

Please initiate the traffic for the appropriate policy where the session-init and session-close are configured, so that we can verify the traffic logs.

 

Let me know if you've any queries.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
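
Added example, not part of the original post or of Juniper's documentation: a small Python check that reads `display set` output and reports the gaps named in the accepted answer (no external `system syslog host`, a `security log stream` with no `category`, policies without `session-init`/`session-close`). The sample configuration is constructed, since the poster's configuration is not on the page; the `stream ... host` line and the policy name `allow-out` are assumptions, and flagging a policy that lacks either log option is this example's choice.

```python
import re

# Constructed sample in "display set" form, modelled on the problem described
# in the thread: syslog saved to a local file only, stream without a category.
BEFORE = """\
set system syslog file messages any any
set security log mode stream
set security log stream FI_Syslog host 192.168.11.1
set security policies from-zone trust to-zone untrust policy allow-out then permit
set security policies from-zone trust to-zone untrust policy allow-out then log session-close
"""

# Same config plus the two lines from the accepted answer and session-init.
AFTER = BEFORE + """\
set system syslog host 192.168.11.1 any any
set security log stream FI_Syslog category all
set security policies from-zone trust to-zone untrust policy allow-out then log session-init
"""

def audit_srx_logging(config):
    """Return a list of findings for a Junos 'display set' configuration."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("set ")]
    findings = []
    # System logs: a 'file' target only stores locally; a 'host' target is needed.
    if not any(l.startswith("set system syslog host ") for l in lines):
        findings.append("system syslog: no external host configured")
    # Traffic logs: every declared stream should carry a category statement.
    streams = {m.group(1) for l in lines
               if (m := re.match(r"set security log stream (\S+)", l))}
    if not streams:
        findings.append("security log: no stream configured")
    for name in sorted(streams):
        if not any(l.startswith(f"set security log stream {name} category ") for l in lines):
            findings.append(f"security log stream {name}: no category")
    # Policies: traffic logs come only from policies with session-init/session-close.
    pol = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) then (.+)")
    seen, logged = set(), {}
    for l in lines:
        if (m := pol.match(l)):
            key = m.group(1, 2, 3)
            seen.add(key)
            if m.group(4).startswith("log "):
                logged.setdefault(key, set()).add(m.group(4)[4:])
    for key in sorted(seen):
        missing = sorted({"session-init", "session-close"} - logged.get(key, set()))
        if missing:
            findings.append(f"policy {key[2]}: not logging {', '.join(missing)}")
    return findings
```

Paste the output of the `show configuration ... | display set` commands requested earlier in the thread into one string and pass it to `audit_srx_logging`; an empty list means all three checks passed.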

Re: Configuring_Security_Logs_on SRX_220_320_With_External_Syslog_Server

‎09-18-2019 12:14 AM

Thank you noobmaster & all of you for your valuable inputs.

 

Regards

Shaan