Hello Experts,
I have done the below config to enable logs in a SRX Firewall.
file traffic-log {
any any;
match RT_FLOW_SESSION;
}
file accepted-traffic {
any any;
match RT_FLOW_SESSION_CREATE;
}
file blocked-traffic {
any any;
match RT_FLOW_SESSION_DENY;
}
But for some reason the logs are not showing in any of the file. This FW is actively passing traffic between two zones. Any help to identify the problem will appreciated.
user@FW> show log accepted-traffic
user@FW> show log blocked-traffic
user@FW> show log traffic-log
Feb 6 13:03:46 FW mgd[71518]: UI_CFG_AUDIT_SET: User 'user' set: [system syslog file accepted-traffic match] <unconfigured> -> "RT_FLOW_SESSION_CREATE"
Feb 6 13:03:46 FW mgd[71518]: UI_CMDLINE_READ_LINE: User 'user', command 'set file accepted-traffic match RT_FLOW_SESSION_CREATE '
Feb 6 13:04:19 FW mgd[71518]: UI_CFG_AUDIT_SET: User 'user' set: [system syslog file blocked-traffic match] <unconfigured> -> "RT_FLOW_SESSION_DENY"
Feb 6 13:04:19 FW mgd[71518]: UI_CMDLINE_READ_LINE: User 'user', command 'set file blocked-traffic match RT_FLOW_SESSION_DENY '
user@FW>