Checking that Juniper is logging to a remote logger
- Create a firewall filter to log and accept any packets that match the server’s IP address as the destination-address.
    set firewall filter SYSLOG_FILTER term SYSLOG_PACKETS from destination-address 192.0.2.5/32
    set firewall filter SYSLOG_FILTER term SYSLOG_PACKETS from destination-port 514
    set firewall filter SYSLOG_FILTER term SYSLOG_PACKETS then log
    set firewall filter SYSLOG_FILTER term SYSLOG_PACKETS then accept
    set firewall filter SYSLOG_FILTER term ALLOW_ELSE then accept
- Apply this filter in the output direction on the interface that is facing the external server.
    set interfaces ge-0/0/0 unit 0 family inet filter output SYSLOG_FILTER
    set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.254/24
- Commit the configuration and confirm that the SRX device is logging any entries for the matched syslog packets.
    user@srx> show firewall log detail
    Time of Log: 2021-12-27 22:50:39 UTC, Filter: pfe, Filter action: accept, Name of interface: local
    Name of protocol: UDP, Packet Length: 185, Source address: 192.0.2.254:514, Destination address: 192.0.2.5:514
    Time of Log: 2021-12-27 22:50:39 UTC, Filter: SYSLOG_FILTER, Filter action: accept, Name of interface: local
    Name of protocol: UDP, Packet Length: 185, Source address: 192.0.2.254:514, Destination address: 192.0.2.5:514
    Time of Log: 2021-12-27 22:50:39 UTC, Filter: pfe, Filter action: accept, Name of interface: local
    Name of protocol: UDP, Packet Length: 237, Source address: 192.0.2.254:514, Destination address: 192.0.2.5:5144
    Time of Log: 2021-12-27 22:50:39 UTC, Filter: SYSLOG_FILTER, Filter action: accept, Name of interface: local
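
One way to automate the confirmation in the last step, as an added example that is not part of the original page: the script parses saved `show firewall log detail` text and counts the entries that SYSLOG_FILTER logged toward the syslog server. The function names and the sample text are constructed for illustration; the addresses and filter name are the ones used above.

```python
from collections import Counter

# Constructed sample in the layout shown on this page (not captured from a device).
# The last entry is cut off before its second line, as pasted CLI output often is.
SAMPLE = """\
user@srx> show firewall log detail
Time of Log: 2021-12-27 22:50:39 UTC, Filter: pfe, Filter action: accept, Name of interface: local
Name of protocol: UDP, Packet Length: 185, Source address: 192.0.2.254:514, Destination address: 192.0.2.5:514
Time of Log: 2021-12-27 22:50:39 UTC, Filter: SYSLOG_FILTER, Filter action: accept, Name of interface: local
Name of protocol: UDP, Packet Length: 185, Source address: 192.0.2.254:514, Destination address: 192.0.2.5:514
Time of Log: 2021-12-27 22:50:41 UTC, Filter: SYSLOG_FILTER, Filter action: accept, Name of interface: local
"""

def parse_records(text):
    """Group the 'Key: value' pairs into one dict per 'Time of Log' entry."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Time of Log:"):
            records.append({})
        if not line or not records:
            continue  # blank line, or prompt/header text before the first entry
        for part in line.split(", "):
            # Split on the first ': ' only, so timestamps and addr:port stay whole.
            key, sep, value = part.partition(": ")
            if sep:
                records[-1][key.strip()] = value.strip()
    return records

def check_syslog(text, server="192.0.2.5", port=514, filter_name="SYSLOG_FILTER"):
    """Summarise the entries that filter_name logged."""
    result = {"matched": 0, "unexpected": Counter(), "incomplete": 0}
    for rec in parse_records(text):
        if rec.get("Filter") != filter_name:
            continue  # ignore the parallel 'pfe' entries
        dst = rec.get("Destination address")
        if dst is None:
            result["incomplete"] += 1  # entry truncated before its second line
        elif dst == f"{server}:{port}":
            result["matched"] += 1
        else:
            result["unexpected"][dst] += 1  # logged by the term but not server:514
    return result

if __name__ == "__main__":
    summary = check_syslog(SAMPLE)
    print(summary)
    print("syslog is leaving the device" if summary["matched"] else "no syslog packets logged")
```

A `matched` count of zero after a commit means no packet hit the SYSLOG_PACKETS term, and anything under `unexpected` means the saved text does not agree with the filter's match conditions.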