SRX Services Gateway
SRX Services Gateway

LSYS Logging possible in event or stream mode (High-End Firewalls SRX 1k/3k/5k)

[ Edited ]
‎04-09-2014 11:19 PM

Hi All

 

I didn't found the right solution/answer for my problem regarding LSYS logging with Juniper SRX 1k/3k/5k in release 11.4 R9.4.

The goal from my side is to implement for every LSYS-Customer their own STRM/Syslog Server. If the customer already have a syslog solution in place, they should be able to use their syslog servers. This Syslogserver should receive all Logs relevant to the desired LSYS like traffic logs and other logs. To send logs out of the data plane i must configure logging in stream mode instead of event mode. The picture attached should indicate what i would like to do:

 

 

 

- Traffic-Logging per LSYS ?

- Logging in Stream Mode per LSYS ?

- Is this supported through juniper or any restrications ?

 

Thanks for your feedback

 

 

11.4 R9.4

Attachments

3 REPLIES 3
SRX Services Gateway

Re: LSYS Logging possible in event or stream mode (High-End Firewalls SRX 1k/3k/5k)

‎04-09-2014 11:36 PM

Hi Claudio

 

Yes, syslog is supported for LSYS.

Stream-mode is supported and there are no restrictions, it should work just work like root LYSYS.

Please follow below KB for your reeference:

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB28775

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
SRX Services Gateway

Re: LSYS Logging possible in event or stream mode (High-End Firewalls SRX 1k/3k/5k)

‎04-10-2014 12:58 AM

Thanks for your fast answer. When I have a look at the KB28775 i see that i have to create an lt between root and LSYS. Is it really requiered to setup an lt-tunnel (interconnection) between root and LSYS to support stream logging ?

Highlighted
SRX Services Gateway
Solution
Accepted by topic author claudio.truttmann@ch.ibm.com
‎08-26-2015 01:27 AM

Re: LSYS Logging possible in event or stream mode (High-End Firewalls SRX 1k/3k/5k)

‎04-10-2014 02:18 AM

Yes, that is correct, you need an lt-0/0 interface to communicate between different LSYS, and syslog server must be reachable via root LSYS.

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!