Policy Supposed to Log But Doesn't

‎10-08-2012 05:03 PM

I must be doing something wrong. We have an egress policy (trust to untrust) blocking outbound port 25. From "any" To "any".

I want to log all hits against this policy, as an early warning of machines inside our network infected with spam bots.

For logging, I've been through the various options-- none of them successful so far. I've set a counter with a threshold of at least 1 per minute. (tried with and without counting enabled) I've enabled the option to "Log at session init time".

After applying the config, I tested and the blocking part works-- outbound 25/TCP is solidly blocked. BUT, there is no logging. When I view the log for that policy, it's empty even though I've repeatedly triggered the rule intentionally.

What's the secret to getting logging working?

Re: Policy Supposed to Log But Doesn't

‎10-09-2012 01:22 AM

Hi,

Two things come to mind, a bug in the web interface or you don't have the severity level of "info" or "any" set on your box.

The KBs below explain it in detail. I suggest you separate the traffic logs into a separate log as specified if storing on the SRX itself. It makes life a lot easier.

If you don't want to do that, then try the following in the CLI to check if it's a GUI bug or not:

user@srx> show log messages | match "session-init"

If you see the traffic logs and they are not appearing in the GUI, then it's a GUI bug and you should log it with JTAC.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16509

http://kb.juniper.net/InfoCenter/index?page=content&id=KB10112

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
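
The setup the reply above points to (policy logging plus a syslog file at severity "any" that holds only traffic logs), shown as an added example that is not part of the original thread. It assumes a branch SRX logging in event mode to local files; the policy name block-smtp-out and the file name traffic-log are placeholders.

```junos
# Added example, not from the thread. Enter in configuration mode.
# "block-smtp-out" and "traffic-log" are placeholder names.

# Egress policy: deny outbound SMTP from any to any and log the denial.
# For a deny policy the log entry is generated at session init.
set security policies from-zone trust to-zone untrust policy block-smtp-out match source-address any destination-address any application junos-smtp
set security policies from-zone trust to-zone untrust policy block-smtp-out then deny
set security policies from-zone trust to-zone untrust policy block-smtp-out then log session-init

# Dedicated local file for traffic logs. Facility "any" at severity "any"
# lets the traffic log messages through; a file that only accepts higher
# severities will stay empty.
set system syslog file traffic-log any any
set system syslog file traffic-log match "RT_FLOW_SESSION"

# Bound the disk space the file can use on the device.
set system syslog file traffic-log archive size 1m files 3

# After "commit", trigger the rule from an inside host, then check from
# operational mode, bypassing the web interface:
#   show log traffic-log | match RT_FLOW_SESSION_DENY
```

If the denials appear in the file but not in the web interface, the problem is on the GUI side; if the file stays empty, recheck that the test traffic actually matches this policy and not an earlier one.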

Re: Policy Supposed to Log But Doesn't

‎08-08-2013 07:14 AM

I have this exact same issue.

I have tried the above but my log files are still empty.


Re: Policy Supposed to Log But Doesn't

‎08-10-2013 03:33 PM

Access the system from the command line and run:

>show firewall

See if the counter shows up in the command line. Maybe a GUI thing. Also check the 

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]