SRX Services Gateway

syslogs not being saved on srx340 local storage

3 weeks ago

Hi guys,

Just noticed that syslogs were being saved locally (messages file) on our srx340. Below is the configured syslog on the device. Firmware version is 18.2R3.4. Your help is well appreciated, thanks.

security {
    log {
        utc-timestamp;
        mode event;
        format syslog;
        report;
        source-address 10.x.219.z;
        stream C300_CCSensor {
            format syslog;
            host {
                10.z.215.x;
            }
        }
        stream AVOGADRO {
            format syslog;
            host {
                10.x.214.z;
            }
        }
    }
}


Re: syslogs not being saved on srx340 local storage

3 weeks ago

Hello K1mffrey,

Are you trying to save the logs locally on the device?

Default Syslog Settings

By default, only critical messages are logged to a local file known as messages on the SRX Series device. The following configuration shows the default log settings:

system {
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
}

Now if you want to send the logs to a local file, you can use:
user@host# set system syslog file messages any ?   <<<<<< Check if you have this configured to see if log messages are captured locally to the file

Sending Logs to a Remote Syslog Server (192.30.80.76) << which I believe that you have already configured
user@host# set system syslog host 192.30.80.76 any any

Thanks,

Vishaal

 

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.


Re: syslogs not being saved on srx340 local storage

3 weeks ago

Hi,

Is there a way to send syslog to a remote syslog server and save it locally on srx340?

Solution
Accepted by topic author K1mffrey
2 weeks ago

Re: syslogs not being saved on srx340 local storage

3 weeks ago

Hi K1mffrey,

Yes, you can do that. You can use this config to store and send files to your syslog server:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB16502

set system syslog host <syslog-server-ip> any any

set system syslog file <test-file> any any

If this solves your problem, please mark this post as "Accepted Solution".

If you think that my answer was helpful, please spend some Kudos.

 

Thank you, 
Franky


Re: syslogs not being saved on srx340 local storage

2 weeks ago

Hi, K1mffrey

It is important to understand the two major types of logs that can be saved by the SRX: data-plane logs vs control-plane logs.

Control-plane messages are related to events on your box (a user that just logged in to the device or a high temperature alarm) and are configured under the [edit system syslog] hierarchy:

https://kb.juniper.net/KB16502

Note that these logs can be stored locally in the SRX or sent to an external host as explained in the above KB article.

Data-plane messages, also known as security-logs or traffic-logs, are messages related to the traffic that is being forwarded by your SRX. These logs are related to sessions and are configured under the [edit security log] hierarchy:

https://kb.juniper.net/KB16509

Note that these messages can be sent to an external host (highly suggested) by using the "stream" mode, and they will be sent directly from the dataplane of the device, hence not affecting your Routing-Engine.

Also, they can be stored locally in the SRX using the "event" mode, but this will make the SRX send the logs from the data-plane to the control-plane, and depending on the rate of the logging this can affect your Routing-Engine (which is the component in charge of the control-plane of any Junos device). Any of the mentioned modes are configured under the [edit security log] hierarchy.

Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!
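
An added example (not from any poster in this thread, and not Juniper code): a small Python check that parses a curly-brace config like the ones posted above and reports where control-plane logs ([edit system syslog]) and data-plane logs ([edit security log]) are sent. It assumes one statement per line; the sample config, the stream name REMOTE1 and the 192.0.2.x address are constructed, and the three findings encode only what the replies state (a local "any any" file, a remote syslog host, external stream hosts tied to stream mode).

```python
# Assumption: Junos curly-brace format with one statement per line.
SAMPLE = """\
system {
    syslog {
        file messages {
            any critical;
        }
    }
}
security {
    log {
        mode event;
        stream REMOTE1 {
            host {
                192.0.2.20;
            }
        }
    }
}
"""  # constructed sample modelled on the thread; names and IP are placeholders

def parse(text):
    """Parse the config into nested dicts; leaf statements map to {}."""
    stack = [{}]
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif line.endswith(";"):
            stack[-1][line[:-1].strip()] = {}
    return stack[0]

def audit(cfg):
    """Return (destinations, findings) for control-plane and data-plane logs."""
    syslog = cfg.get("system", {}).get("syslog", {})
    seclog = cfg.get("security", {}).get("log", {})
    files = {k.split()[1]: sorted(v) for k, v in syslog.items() if k.startswith("file ")}
    hosts = {k.split()[1]: sorted(v) for k, v in syslog.items() if k.startswith("host ")}
    mode = next((k.split()[1] for k in seclog if k.startswith("mode ")), None)
    streams = {k.split()[1]: sorted(v.get("host", {})) for k, v in seclog.items()
               if k.startswith("stream ")}
    findings = []
    if not any("any any" in selectors for selectors in files.values()):
        findings.append("no local file with 'any any'")
    if not hosts:
        findings.append("no system syslog host")
    if mode == "event" and streams:
        findings.append("streams defined but mode is event")
    return {"files": files, "hosts": hosts, "mode": mode, "streams": streams}, findings
```

Calling `audit(parse(config_text))` on a saved configuration returns the destinations per plane plus the list of findings; an empty list means all three checks passed.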