SRX Services Gateway

Logging not sent to syslog file

‎05-28-2017 02:01 PM

Hi all,

I am not able to get logging on the file which has been created:

This is the conf for syslog

xxx@xxx# run show configuration system syslog
archive size 100k files 3;
user * {
    any emergency;
}
file messages {
    any critical;
    authorization info;
}
file interactive-commands {
    interactive-commands error;
}
file policy_session {
    any any;
    user info;
    match RT_FLOW;
    archive size 1000k world-readable;
    structured-data;
}

 

And this is on one of the other policies. Why am I not seeing any logs from the UNTRUST zone? I'm 100% sure that policy 299 is being hit with some traffic.

    from-zone UNTRUST to-zone TRUST {
        policy 200 {
         xxxxx
            then {
                permit;
            }
        }
        policy 299 {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                deny;
                log {
                    session-init;
                }
            }
        }
    }

Re: Logging not sent to syslog file

‎05-28-2017 10:45 PM

Hi,

Which SRX model are you using?

Also share the output of "show security policies hit-count".

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

Re: Logging not sent to syslog file

‎05-30-2017 09:58 AM

Try to put the match condition in quotes:

delete system syslog file policy_session match RT_FLOW
set system syslog file policy_session match "RT_FLOW_SESSION"

Also, it is better to log session-close because it also collects traffic statistics.
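
Added example, not part of the thread: once entries start arriving in `policy_session`, a short script like this confirms that the deny policy for UNTRUST is the one being logged. The sample lines are constructed to resemble `structured-data` output, and the field layout and the assumption that `match` behaves as a regex search over the whole line are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines (addresses, host name and field set are illustrative).
SAMPLE_LINES = [
    '<14>1 2017-05-28T14:01:02.100Z srx RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.40 source-address="198.51.100.7" source-port="40112" '
    'destination-address="192.0.2.10" destination-port="23" protocol-id="6" '
    'policy-name="299" source-zone-name="UNTRUST" destination-zone-name="TRUST"]',
    '<14>1 2017-05-28T14:01:05.300Z srx RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.40 source-address="203.0.113.9" source-port="51515" '
    'destination-address="192.0.2.10" destination-port="445" protocol-id="6" '
    'policy-name="299" source-zone-name="UNTRUST" destination-zone-name="TRUST"]',
    '<14>1 2017-05-28T14:01:07.000Z srx RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636.1.1.1.2.40 source-address="198.51.100.20" source-port="33000" '
    'destination-address="192.0.2.10" destination-port="443" protocol-id="6" '
    'policy-name="200" source-zone-name="UNTRUST" destination-zone-name="TRUST"]',
    '<38>1 2017-05-28T14:02:00.000Z srx sshd 4321 - - Accepted publickey for xxx',
]

HEADER = re.compile(r'^<\d+>1 (\S+) (\S+) (\S+) (\S+) (\S+) ')
PAIR = re.compile(r'([\w-]+)="([^"]*)"')

def apply_match(lines, pattern):
    """Keep lines the pattern is found in (assumed behaviour of a file `match`)."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]

def parse(line):
    """Split one structured-data line into a dict; None if the header is malformed."""
    m = HEADER.match(line)
    if not m:
        return None
    timestamp, host, _app, _procid, event = m.groups()
    record = dict(PAIR.findall(line[m.end():]))
    record.update(timestamp=timestamp, host=host, event=event)
    return record

def denies_by_policy(lines, zone="UNTRUST"):
    """Count RT_FLOW_SESSION_DENY events per policy-name for one source zone."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["event"] == "RT_FLOW_SESSION_DENY" \
                and rec.get("source-zone-name") == zone:
            counts[rec.get("policy-name", "?")] += 1
    return counts

if __name__ == "__main__":
    kept = apply_match(SAMPLE_LINES, "RT_FLOW_SESSION")
    print(len(kept), "flow lines;", dict(denies_by_policy(kept)))
```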