it's possible on the SRX firewall cluster, to manage log rotation so as not to exceed a certain amount of data?
because on my cluster de /var/log is full after 5min.....
You can configure the size of log file.
1....u can definitly increase number/size of log files being placed on system..
By default, log messages are being placed in /var/log/ directiory, in messages file,
Now u can archive your logs to any location u want, can mantain large no of log files, and can change size of eachfileas under:
#set system syslog file ~<filename> <archive-site IP-address-of-site-with-username-password> <files number> <sizesize>
IF u dont set file number, its 10 by default, if u dont set size its 128k by default....
For details from juniper to follow this method , refer to:----
2.... For some specific protocol, u can use traceoptions to log messages related to that protocol and can even change default settings of that file size and number.
3......However, since your log files are being filled in 5 mins, it means u r gathering all informations...better change this default as under :
set system syslog file file-name <facility> <severity>
by default ur facilty and severity is any any,,, which u can change as under:--
facility to authorizaton, change-log, firewall, interactive-comands, kernel etc
severity to emergency, critical, warning, error, notice etc
I hope u were asking same and it works for u....
In continuity to my above post...where i have described how to change default size and no of files on a specific file at :
#system syslog file <filename>
u can also apply these seting to all log files being stored in such a sequence at a little higher level as under:
#set system syslog archive <files number> <size size>
these setings will b applied to all archives,,,
© 1999 - 2019 Juniper Networks, Inc.
All rights reserved