SRX Services Gateway

SYSLOG Help with SRX

‎09-26-2017 01:50 AM

Hello,

 

We have an SRX with 4 x routing instances; all interfaces are configured and are members of one of these 4 routing instances.  I need to get the SRX to send SYSLOG data to our syslog server but cannot get it working.  I believe this SYSLOG traffic will originate from the default routing instance; I have no interfaces in the default routing instance.  The SYSLOG server is accessed via the MGMT routing instance. I have added the config below, but my syslog server is getting no logs.

 

system {
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        host 192.168.1.200 {
            any any;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
        file TRAFFIC-LOG {
            any any;
            match RT_FLOW_SESSION;
        }
        source-address 192.168.30.254;
    }
}

 

routing-options {
    traceoptions {
        file routing-log size 10k files 5;
        flag general;
    }
    static {
        route 192.168.1.200/32 next-table MGMT.inet.0;
    }
}

 

Can anyone assist please? Note 192.168.30.254 is an address assigned to an interface in the MGMT routing instance.  I can PING the SYSLOG server fine from the MGMT routing instance.

 

Many thanks

 

Ryan

Solution
Accepted by topic author ryan2
‎10-06-2017 07:57 AM

Re: SYSLOG Help with SRX

‎09-26-2017 01:54 AM
Try configuring a loopback interface and keep it in the inet/default routing instance. The SRX will generate syslog with the loopback IP. You can use the "source-address" option under syslog to change the address as per your requirement.
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
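
The accepted suggestion combined with the original poster's static route, written out as configuration. This is an added example, not configuration posted by anyone in the thread. The lo0 address 192.0.2.1/32 is a constructed placeholder, and the sketch assumes no security-zone or policy changes are needed, which the thread does not cover.

```junos
/* Added example: loopback kept in the default routing instance.        */
/* 192.0.2.1/32 is a constructed placeholder address, not from the page. */
interfaces {
    lo0 {
        unit 0 {
            family inet {
                address 192.0.2.1/32;
            }
        }
    }
}
system {
    syslog {
        host 192.168.1.200 {
            any any;
        }
        /* Source from an address that exists in the default instance. */
        source-address 192.0.2.1;
    }
}
/* Default-instance route that hands traffic for the syslog server */
/* to the MGMT instance's table (taken from the original post).    */
routing-options {
    static {
        route 192.168.1.200/32 next-table MGMT.inet.0;
    }
}
```

On the syslog server, confirm that messages arrive and note which source address they carry, since any host-based filtering or log attribution there has to match it.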

Re: SYSLOG Help with SRX

‎09-26-2017 05:10 AM

What address range(s) are your interfaces in and is the SYSLOG server in a different range?

 

I had a similar circumstance and while it may not be the best (???) method, I had a routing instance where the SYSLOG server lived and I used the firewall filter to get the traffic there.

 

firewall family inet filter ALLOW_SYSLOG from source-port 514
firewall family inet filter ALLOW_SYSLOG from source-address <address range allowed>
firewall family inet filter ALLOW_SYSLOG then routing-instance ROUTE_TO_SYSLOG_SERVER

 

This isn't tested/checked, just typed from memory.


Re: SYSLOG Help with SRX

‎10-06-2017 07:56 AM

Apologies for late reply, had a CAB process to go through to get this done.

 

Thank you very much, this worked and I am now getting syslogs.