SRX Services Gateway

Question about policy logging locally on SRX345

‎01-31-2020 07:03 PM

Hi

I've seen notes and videos on logging security policies for accepted and denied traffic. I'm not really seeing any entries even after sending pings manually from a device that should hit that policy. Here's my config, any thoughts?

archive size 2m files 3 world-readable;
user * {
    any emergency;
}
file messages {
    any notice;
    authorization info;
}
inactive: file interactive-commands {
    interactive-commands any;
}
file accepted-traffic {
    any any;
    match RT_FLOW_SESSION_DENY;
}
inactive: file blocked-traffic {
    any any;
    match RT_FLOW_SESSION_DENY;
}

mode event;
format syslog;
report;
source-interface ge-0/0/0.0;


I do see this when I run show security log. I'm not seeing security logging enabled.

run show security log
Security logging is disabled


Thanks

John


Re: Question about policy logging locally on SRX345

‎01-31-2020 07:19 PM

Hi JT2014,

Please make sure you have logging enabled on the deny policy or, if there is no specific deny policy, have it enabled on the default deny policy as shown in the KB below:


https://kb.juniper.net/InfoCenter/index?page=content&id=KB28109&actp=METADATA

 

 

Regards,

Shailesh


Re: Question about policy logging locally on SRX345

‎01-31-2020 07:36 PM

Thanks for the information, but what about the accepted traffic logs? I'm not seeing it there. I had seen another forum note about the path to the file not being mapped properly? I can't find info on how to confirm that.

 

If I use the webui I can get one working, but I then need to make some edits to filter the data.


Re: Question about policy logging locally on SRX345

‎02-01-2020 06:05 AM

Could you confirm that the deny security policy had the log set to session-init? This is required to generate the deny log.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
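
Added example, not part of the thread and not any poster's own configuration: a set-command sketch of local policy logging that follows the replies above (log session-init on the deny policy) and splits accepted and denied traffic into the two files named in the question. The zone names (trust, untrust) and policy names (permit-example, deny-example) are placeholders; note that the accepted-traffic file in the question matches RT_FLOW_SESSION_DENY, and the blocked-traffic file is inactive.

```junos
# Constructed example: zone and policy names are placeholders, adjust to your own.

# Permit policy: session-init logs when the session is created,
# session-close logs when it ends (with byte counts and duration).
set security policies from-zone trust to-zone untrust policy permit-example match source-address any
set security policies from-zone trust to-zone untrust policy permit-example match destination-address any
set security policies from-zone trust to-zone untrust policy permit-example match application junos-icmp-all
set security policies from-zone trust to-zone untrust policy permit-example then permit
set security policies from-zone trust to-zone untrust policy permit-example then log session-init
set security policies from-zone trust to-zone untrust policy permit-example then log session-close

# Deny policy: a denied packet never creates a session, so only
# session-init produces a log entry (RT_FLOW_SESSION_DENY).
set security policies from-zone trust to-zone untrust policy deny-example match source-address any
set security policies from-zone trust to-zone untrust policy deny-example match destination-address any
set security policies from-zone trust to-zone untrust policy deny-example match application any
set security policies from-zone trust to-zone untrust policy deny-example then deny
set security policies from-zone trust to-zone untrust policy deny-example then log session-init

# Event mode hands flow logs to the local syslog process,
# which is what allows them to be written to files on the box.
set security log mode event

# One local file per outcome, filtered on the message tag.
set system syslog file accepted-traffic any any
set system syslog file accepted-traffic match RT_FLOW_SESSION_CREATE
set system syslog file blocked-traffic any any
set system syslog file blocked-traffic match RT_FLOW_SESSION_DENY

# The blocked-traffic stanza in the question is marked "inactive:";
# it has to be activated before it takes effect.
activate system syslog file blocked-traffic
```

After committing, `show log accepted-traffic` and `show log blocked-traffic` in operational mode display the two files once matching traffic has hit the policies.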