SRX Services Gateway
SRX Services Gateway

SRX Firewall log rotary

‎04-14-2012 03:11 AM

Hi,

 

it's possible on the SRX firewall cluster, to manage log rotation so as not to exceed a certain amount of data?

 

because on my cluster de /var/log is full after 5min.....

 

 

Best regards

3 REPLIES 3
SRX Services Gateway

Re: SRX Firewall log rotary

‎04-14-2012 05:48 AM

You can configure the size of log file.

JNCIE-SEC
SRX Services Gateway

Re: SRX Firewall log rotary

‎04-14-2012 10:06 AM

hi jeromefer...

1....u can definitly increase number/size of log files being placed on system..

By default, log messages are being placed in /var/log/ directiory, in messages file,  

Now u can archive your logs to any location u want, can mantain large no of log files, and can change size of eachfileas under:

#set system syslog file ~<filename> <archive-site IP-address-of-site-with-username-password> <files number> <sizesize>

IF u dont set file number, its 10 by default, if u dont set size its 128k by default....

For details from juniper to follow this method , refer to:----

http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-...

 

 

2.... For some specific protocol, u can use traceoptions to log messages related to that protocol and can even change default settings of that file size and number.

 

3......However, since your log files are being filled in 5 mins, it means u r gathering all informations...better change this default as under :

set system syslog file file-name <facility> <severity>

by default ur facilty and severity is any any,,, which u can change as under:--

facility to authorizaton, change-log, firewall, interactive-comands, kernel etc

severity to emergency, critical, warning, error, notice etc

 

I hope u were asking same Smiley Surprised and it works Smiley LOL for u....

NASIR RAZA
JNCIA-JUNOS, JNCIS-ENT.
Highlighted
SRX Services Gateway

Re: SRX Firewall log rotary

‎04-14-2012 11:17 AM

In continuity to my above post...where i have described how to change default size and no of files on a specific file at :

edit

#system syslog file <filename>

u can also apply these seting to  all log files being stored in such a sequence at a little higher level as under:

#set system syslog archive <files number> <size size>

these setings will b applied to all archives,,,

NASIR RAZA
JNCIA-JUNOS, JNCIS-ENT.