SRX Services Gateway

SRX active/passive cluster logging.

‎03-17-2016 06:17 AM

Hi all. We have a Juniper SRX cluster in an active/passive configuration deployed at our site and we are trying to forward logs to a syslog server. Following the Juniper guides I have configured the following:

 

show configuration system syslog

archive size 128k files 50 world-readable;
user * {
    any emergency;
}
host x.x.x.x {
    any any;
    port 8182;
    source-address y.y.y.y;
    structured-data;
}
file messages {
    any warning;
    authorization info;
}
file interactive-commands {
    interactive-commands any;
}
file interface_logs {
    any any;
    match UpDown;
}
file IDS_messages { --> this was created in an attempt to capture messages from screen but it's not working
    any any;
    match ASP_;
}

 

and

 

show configuration security log

mode stream;
format sd-syslog;
source-address y.y.y.y;
stream SRX_log {
    category all;
    host {
        x.x.x.x;
        port 8182;
    }
}

 

On the server side we are not seeing that there are any logs incoming. From the SRX we can ping the syslog server using a routing instance.

 

Any help why the SRX is not sending or storing logs would be quite welcome.


Re: SRX active/passive cluster logging.

‎03-18-2016 04:03 AM

Hi,

 

You said:

"From the SRX we can ping the syslog server using a routing instance."

Is this instance different from the default routing instance?

If so, try configuring log sending to be sourced from an interface in the default routing instance, and ensure that the default routing instance has a valid route to your syslog server.

Additionally, you can check with:

> monitor traffic interface <source_interface_of_your_log>

whether any UDP packet destined for your syslog server leaves the interface.

 

Regards,

Wojciech Wydrzyński
JNCIS-ENT, JNCIS-SEC
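
Added example, not part of either post: a receive-side check for the syslog server, to pair with the monitor traffic step in the reply. It listens on UDP port 8182 (the port in the posted configuration) and parses each datagram, assuming the SRX emits RFC 5424-style structured-data messages for format sd-syslog. The sample datagram, host name and field values are constructed for illustration, and the function names are hypothetical.

```python
import re
import socket

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)
SD_ELEMENT = re.compile(r'\[([^\s\]=]+)((?: [^\s=\]]+="(?:[^"\\\]]|\\.)*")*)\]')
SD_PARAM = re.compile(r' ([^\s=\]]+)="((?:[^"\\\]]|\\.)*)"')

# Constructed sample in the shape of an sd-syslog datagram (values are made up).
SAMPLE = (b'<14>1 2016-03-17T06:17:00.000Z srx-node0 RT_FLOW - RT_FLOW_SESSION_CREATE '
          b'[junos@2636.1.1.1.2.40 source-address="192.0.2.10" '
          b'destination-address="198.51.100.5" policy-name="allow-web"]')


def parse_sd_syslog(datagram):
    """Return a dict for an RFC 5424 message, or None if the header does not match."""
    m = HEADER.match(datagram.decode("utf-8", errors="replace"))
    if m is None:
        return None  # e.g. legacy BSD-format syslog, or not syslog at all
    pri, rest = int(m.group(1)), m.group(8)
    record = {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(3),
              "hostname": m.group(4), "app": m.group(5), "msgid": m.group(7), "sd": {}}
    pos = 0
    if rest.startswith("-"):  # NILVALUE: no structured data present
        pos = 1
    else:
        while (el := SD_ELEMENT.match(rest, pos)):
            # Undo the RFC 5424 escapes \" \\ \] inside parameter values.
            record["sd"][el.group(1)] = {
                k: re.sub(r'\\(["\\\]])', r"\1", v)
                for k, v in SD_PARAM.findall(el.group(2))}
            pos = el.end()
    record["msg"] = rest[pos:].lstrip(" ")
    return record


def listen(port=8182, bind="0.0.0.0"):
    """Print every datagram received; the peer should be the SRX source-address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, (peer, _) = sock.recvfrom(65535)
        print(peer, parse_sd_syslog(data) or "not RFC 5424: %r" % data[:80])


if __name__ == "__main__":
    print(parse_sd_syslog(SAMPLE))  # offline check of the parser
    listen()
```

If nothing is printed while the SRX is generating events, the datagrams are not reaching the server, which points back to the routing-instance and source-address questions raised in the reply.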