SRX Services Gateway

firewall events not showing on J-web

‎06-18-2019 12:55 AM

Hi Guys,

Traffic events are not showing on our SRX345 J-Web. Under 'Monitor > Events > Firewall' it always shows "Traffic logging is not Enable", but we've done it many times already, even in the security policies log. No problem on the CLI; we can see the traffic log in show log. Security log is in event mode, as it is configured by default in enterprise SRX.

Solution
Accepted by topic author K1mffrey
‎06-18-2019 11:21 PM

Re: firewall events not showing on J-web

‎06-18-2019 01:07 AM

Hello,

What is the version that you are running on the device? If you are running Junos OS release 15.1X49-D100 and later, J-Web has been enhanced to support on-box reporting which works in stream mode.

This is the configuration that should be present to make this work:

security {
    log {
        mode stream;    <<< Don't use event mode.
        report;         <<<
        source-address X.X.X.X;
        stream XXXXX {
            host {
                X.X.X.X;
            }
        }
    }
}

Please follow this KB for more information:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB32479&pmv=print&actp=METADATA&searchid=&ty...

Regards,

Prakash


Re: firewall events not showing on J-web

‎06-18-2019 01:09 AM

Hi,

I believe you have followed this KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB19490&actp=METADATA

Can you please double check the below?

J-Web will recognize the following settings as the syslog file that contains the traffic log:

file policy_session {
    any any;                   // This can be any of [any/any, any/info, user/any, user/info]
    match RT_FLOW;             // Needs exactly the same match string for the system to search logs for policy
    archive world-readable;    // Required
    structured-data;           // Preferred for fast searching when using filters
}

You can do a quick check on the file permissions and whether the RT_FLOW tag is seen in the file.

file list detail /var/log/<log-file-name>

show log <log-file-name> | match RT_FLOW

If you can share details of the log file configuration and the above two commands, it would help.

Regards,

Vikas
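The conditions listed in the two replies, as an offline check over `show configuration | display set` output. This is an added example, not part of the thread and not Juniper code; the function name, result keys and sample configuration are constructed for illustration, and the event-mode default is taken from the original post.

```python
from collections import defaultdict

# Facility/severity pairs the second reply lists as recognised by J-Web.
ACCEPTED = {("any", "any"), ("any", "info"), ("user", "any"), ("user", "info")}

def check_jweb_logging(set_config):
    """Audit 'display set' configuration text against the thread's two checklists."""
    files = defaultdict(lambda: {"sel": set(), "match": None, "world": False})
    mode, report = "event", False   # assumption: event mode when unset (per the original post)
    for line in set_config.splitlines():
        tok = line.split()
        if tok[:4] == ["set", "system", "syslog", "file"] and len(tok) > 5:
            f, rest = files[tok[4]], tok[5:]
            if rest[0] == "match":
                f["match"] = " ".join(rest[1:]).strip('"')
            elif rest[0] == "archive":
                f["world"] = f["world"] or "world-readable" in rest
            elif rest[0] != "structured-data" and len(rest) == 2:
                f["sel"].add((rest[0], rest[1]))   # facility / severity pair
        elif tok[:4] == ["set", "security", "log", "mode"] and len(tok) == 5:
            mode = tok[4]
        elif tok == ["set", "security", "log", "report"]:
            report = True
    issues = {}
    for name, f in files.items():
        missing = []
        if not f["sel"] & ACCEPTED:
            missing.append("facility/severity not one of the accepted pairs")
        if f["match"] != "RT_FLOW":
            missing.append("match string is not exactly RT_FLOW")
        if not f["world"]:
            missing.append("archive world-readable missing")
        issues[name] = missing
    return {
        "mode": mode,
        "event_mode_files": [n for n, m in issues.items() if not m],
        "stream_reporting": mode == "stream" and report,
        "issues": {n: m for n, m in issues.items() if m},
    }

# Constructed sample: the match string differs and the archive is not world-readable.
SAMPLE = """\
set system syslog file traffic-log any any
set system syslog file traffic-log match RT_FLOW_SESSION
set system syslog file traffic-log archive size 1m
set security log mode event
"""

if __name__ == "__main__":
    print(check_jweb_logging(SAMPLE))
```
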