SRX

Hi,

I'd like to find out what is the maximum number of remote Syslog server for traffic logs supported on SRX5800?

I wish to add an additional syslog server on top of existing one.

Thank you

There is no threshold for syslog server count that I know of.

I have worked with cusotmers using upto 8 syslog servers.

Since it is going to be addition of one to your existing setup, I do not see any issues.

Only thing to consider is not to have any any configuration when you configure multiple servers(say 8/10).

on having configured any any, during heavy traffic, logging could potentially result in high CPU.

You need to seperate system and security logging.

How to configure system and traffic logging:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16634

Regards,

Raveen

Hi Raveen,

Thank you for your reply.

I have a question, for example, currently I have the following configuration in my Firewall. If I'm adding a second syslog server, does the Firewall treat the second syslog server as primary or backup server?

I'd like to ensure that the same copy of log were send to both existing and new syslog server without any lost or missing log.

set security log format syslog
set security log source-address 10.0.0.1
set security log stream trafficlogs format syslog
set security log stream trafficlogs category all
set security log stream trafficlogs host 10.10.10.100

Thank you

Same copy of logs will be sent to each of the configured servers.

Regards,

Raveen

Hi Raveen,

Thanks for your clarification.