Only send logs of dropped traffic from SRX to Syslog server
I have a customer who is receiving tons of logs from his SRX on the Syslog server. He has requested that only logs for dropped traffic be sent; he doesn't care about the permitted traffic. How can I configure this under the Syslog host?
Re: Only send logs of dropped traffic from SRX to Syslog server
There is no option to filter only deny logs in stream mode. Since you need only deny/dropped logs, one workaround is to enable logging only on deny security policies (log session-init) and remove/disable logging from other security policies (i.e., log session-init and log session-close).
Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
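Applying the workaround from the reply above across a large rule base, as an added example that is not part of the original thread: the script reads `show configuration security policies | display set` output and returns the `set`/`delete` commands that leave logging enabled only on deny/reject policies. The zone and policy names in the sample are constructed, and the function name `plan_changes` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `show configuration security policies | display set`
# output; zone and policy names are hypothetical.
SAMPLE = """\
set security policies from-zone trust to-zone untrust policy allow-web match source-address any
set security policies from-zone trust to-zone untrust policy allow-web then permit
set security policies from-zone trust to-zone untrust policy allow-web then log session-init
set security policies from-zone trust to-zone untrust policy allow-web then log session-close
set security policies from-zone trust to-zone untrust policy block-telnet match application junos-telnet
set security policies from-zone trust to-zone untrust policy block-telnet then deny
set security policies from-zone untrust to-zone trust policy drop-all then reject
set security policies from-zone untrust to-zone trust policy drop-all then log session-init
set security policies global policy allow-dns then permit
set security policies global policy allow-dns then log session-close
"""

# Captures the policy path and one "then" statement (action or log option).
LINE = re.compile(
    r"^set (security policies (?:from-zone \S+ to-zone \S+|global) policy \S+) then (.+)$"
)

def plan_changes(display_set: str) -> list[str]:
    """Return commands that leave logging on deny/reject policies only."""
    actions = defaultdict(set)  # policy path -> set of its "then" statements
    for line in display_set.splitlines():
        m = LINE.match(line.strip())
        if m:
            actions[m.group(1)].add(m.group(2))

    commands = []
    for path, then in actions.items():
        has_log = any(t.startswith("log") for t in then)
        if then & {"deny", "reject"}:
            # Dropped traffic: make sure session-init logging is present.
            if "log session-init" not in then:
                commands.append(f"set {path} then log session-init")
        elif has_log and any(t.startswith("permit") for t in then):
            # Permitted traffic: remove session-init and session-close logging.
            commands.append(f"delete {path} then log")
    return commands

if __name__ == "__main__":
    print("\n".join(plan_changes(SAMPLE)))
```

Review the generated commands in configuration mode with `show | compare` before committing.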