IDP-related log messages sent to syslog facility are sent as the Facility 'daemon' instead of the 'normal' facility configured

Article ID: KB12152 KB Last Updated: 21 Jun 2010 Version: 3.0
Summary:
IDP-related log messages sent to syslog facility are sent as the Facility 'daemon' instead of the 'normal' facility configured
Symptoms:

The customer has IDP syslog enabled on ScreenOS 6.1.0r2 so that IDP-related log messages are sent to the syslog server.

Customer syslog configuration:

set syslog config "10.10.51.3" facilities local0 local0
set syslog config "10.10.51.3" log traffic
set syslog config "10.10.51.3" log idp


The customer noticed that the IDP-related logs do show up, but under the 'daemon' facility. The firewall sends them as daemon.info or daemon.warning instead of the normal facility configured.

tcpdump -nn -i eth1 -vvv host 10.10.51.64
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
18:02:27.030959 IP (tos 0x0, ttl  64, id 58366, offset 0, flags [none], proto: UDP (17), length: 836) 10.10.51.64.21240 > 10.10.51.3.514: SYSLOG, length: 808
        Facility daemon (3), Severity warning (4)
        Msg:  1 2008-08-14T17:02:26 0.0.0.0 Jnpr Syslog 32739 1[|syslog]
Solution:
This behavior is by design: the IDP module is considered a system daemon in the firewall system (ScreenOS).
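
Because of this, a collector rule that selects firewall logs by the configured facility alone never sees the IDP messages. The following added example (not part of the original article or any Juniper code) decodes the syslog PRI value and compares a facility-only rule with one keyed on the sender; the function names, the host 10.10.51.99 and the sample payloads are constructed for illustration.

```python
import re

# Facility codes 0-23 and severity codes 0-7 as defined in RFC 5424.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += ["local%d" % n for n in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

FIREWALL = "10.10.51.64"   # sender address seen in the article's tcpdump capture
CONFIGURED = "local0"      # facility set with "set syslog config ... facilities"

def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI>, or None if malformed."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def facility_only_rule(source, datagram):
    """Collector rule keyed on the configured facility alone: misses IDP logs."""
    decoded = decode_pri(datagram)
    return decoded is not None and decoded[0] == CONFIGURED

def firewall_rule(source, datagram):
    """Rule keyed on the sender, accepting the configured facility and daemon."""
    decoded = decode_pri(datagram)
    return (source == FIREWALL and decoded is not None
            and decoded[0] in (CONFIGURED, "daemon"))

# Constructed sample datagrams; only the <PRI> values mirror the article.
SAMPLES = [
    (FIREWALL, b"<134>constructed traffic log"),                # local0.info
    (FIREWALL, b"<28>constructed IDP log"),                     # daemon.warning
    (FIREWALL, b"<30>constructed IDP log"),                     # daemon.info
    ("10.10.51.99", b"<30>constructed log from another host"),  # daemon.info
    (FIREWALL, b"no priority header"),                          # malformed
]

def selected(rule):
    """Indexes of SAMPLES that the given rule would file as firewall logs."""
    return [i for i, (src, msg) in enumerate(SAMPLES) if rule(src, msg)]

if __name__ == "__main__":
    print("facility-only:", selected(facility_only_rule))
    print("sender-based: ", selected(firewall_rule))
```

Treating every daemon-facility message from the firewall as an IDP log is an assumption of this sketch; the article only states that IDP logs use that facility.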