SRX Services Gateway

SYSLOG Help with SRX

‎09-26-2017 01:50 AM



We have an SRX with 4 x routing instances; all interfaces are configured and are members of one of these 4 routing instances. I need to get the SRX to send SYSLOG data to our syslog server but cannot get it working. I believe this SYSLOG traffic will originate from the default routing instance; I have no interfaces in the default routing instance. The SYSLOG server is accessed via the MGMT routing instance. I have added the config below but my syslog server is getting no logs.



    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        host {
            any any;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
        file TRAFFIC-LOG {
            any any;
            match RT_FLOW_SESSION;
        }
    }
routing-options {
    traceoptions {
        file routing-log size 10k files 5;
        flag general;
    }
    static {
        route next-table MGMT.inet.0;
    }
}

Can anyone assist please? Note is an address assigned to an interface in MGMT routing instance. I can PING the SYSLOG server fine from the MGMT routing instance.


Many thanks



Accepted by topic author ryan2
‎10-06-2017 07:57 AM

Re: SYSLOG Help with SRX

‎09-26-2017 01:54 AM
Try configuring a loopback interface and keep it in the inet/default routing instance. The SRX will generate syslog with the loopback IP. You can use the "source-address" option under syslog to change the address as per your requirement.
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
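
The approach from the accepted reply, written out as an added example (not configuration posted by anyone in this thread). The loopback address 192.0.2.1 and the syslog server address 198.51.100.10 are constructed placeholders; MGMT is the routing instance named in the question.

```junos
# Constructed placeholder values (documentation address ranges), not from the thread:
#   192.0.2.1      loopback address kept in the default routing instance
#   198.51.100.10  syslog server reachable through the MGMT routing instance

# lo0.0 is not listed under any routing-instance, so it stays in inet.0
set interfaces lo0 unit 0 family inet address 192.0.2.1/32

# Send all facilities and severities to the server, sourced from the loopback
set system syslog host 198.51.100.10 any any
set system syslog source-address 192.0.2.1

# Default-instance static route that hands the lookup for the server
# to the MGMT routing table, where the server is actually reachable
set routing-options static route 198.51.100.10/32 next-table MGMT.inet.0
```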

Re: SYSLOG Help with SRX

‎09-26-2017 05:10 AM

What address range(s) are your interfaces in and is the SYSLOG server in a different range?


I had a similar circumstance and while it may not be the best (???) method, I had a routing instance where the SYSLOG server lived and I used the firewall filter to get the traffic there.


firewall family inet filter ALLOW_SYSLOG from source port 514

firewall family inet filter ALLOW_SYSLOG from source address range allowed

firewall family inet filter ALLOW_SYSLOG then routing-instance ROUTE_TO_SYSLOG_SERVER


This isn't tested/checked, just typed from memory.


Re: SYSLOG Help with SRX

‎10-06-2017 07:56 AM

Apologies for late reply, had a CAB process to go through to get this done.


Thank you very much, this worked and I am now getting syslogs.