Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Traffic log forwarding from NSM to a Syslog server does not work when configured for a rule within a firewall policy



Article ID: KB15909 KB Last Updated: 23 Jun 2010Version: 2.0
Using Syslog forwarding from NSM, on a single firewall rule within a policy that is enabled, the logs are not actually sent.  Using log2action makes it possible to forward all traffic logs from the firewall, but not logs for a single policy rule.  This behavior is seen on NSM releases from 2007.3r5 to 2008.2r2a.  Is it possible to make this work?
Want to send Syslog for a single or group of rules within a firewall policy, without forwarding all traffic logs. 

Example 1:  The traffic logs should be sent to NSM for those rules which have logging enabled, but a smaller set of rules must have their logs forwarded to Syslog also.

Example 2:   A user wants to log all traffic through the firewall, but deny logs to be forwarded to a Syslog server.
  1. Under Action Manager > Action Parameters configure the Syslog server settings.
  2. Go to the NSM policy for the firewall.  On the rule for which the logs should be forwarded to the Syslog server, right-click the 'Rule options' cell.
  3. Select 'Log/Count' and enable Syslog on the log actions tab (you must select 'Log on session close')
  4. Save the policy
  5. Update the firewall.  Note: if logging was already enabled, then the Syslog setting will not push any update to the firewall, although the push will cause an update in the NSM database to reflect the log action.
Now all traffic hitting the rule for which Syslog is enabled will trigger a log action to forward those logs to the Syslog server, sent by the NSM server.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search