
[SRX] How to enable and view traffic logs in the J-Web/GUI on SRX devices


Article ID: KB19490 KB Last Updated: 25 Mar 2020 Version: 8.0
Summary:

This article provides information on how to enable and view traffic logs in the GUI/J-Web on SRX devices.

Symptoms:
Many customers have reported that traffic logs reach the syslog servers but do not appear in the J-Web/GUI. Even when policy logging is configured in J-Web, the traffic is not logged there. This applies to all Junos versions.




Policy Logs for tr-untr:

Solution:
To enable traffic logging in J-Web, perform the following procedure:
 
  1. Set the security logging mode to event, rather than the default stream mode.

    Note: The default mode for traffic logging on High End SRX devices is the stream mode, and the default mode for traffic logging on Branch SRX devices is the event mode.
    root@srx# set security log mode event
    root@srx# commit
  2. Log on to the GUI/J-Web, go to Monitor > Events and alarms > Security events, and click Create log configuration:




    This will add the following configuration under the system syslog hierarchy:
    file policy_session {
        user info;
        match RT_FLOW;
        archive size 5120000 world-readable;
        structured-data;
    }
  3. Now, if you enable logging, the traffic logs will be visible in J-Web:


  4. A Problem Report has been filed for this issue.

Note:
  • Ensure that the [security log stream] setting is not set in the active configuration; otherwise the system will get confused and the following message will be displayed in J-Web:

    'The security log is configured in stream mode. In this mode, the session logs are sent directly to the log collectors and cannot be locally stored. Please set the log mode to ‘event’ in order to use this page.'

  • J-web will recognize the following settings as the syslog file that contains the traffic log:
    file policy_session {
        any any;                   // This can be any of [any/any, any/info, user/any, user/info]
        match RT_FLOW;             // The match string must be exactly this; the system uses it when searching logs for a policy
        archive world-readable;    // Required
        structured-data;           // Preferred for fast searching when using filters
    }
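
The checks from the procedure and the two notes above can be run against a saved copy of the configuration. The following is an added example, not Juniper code: it assumes the configuration was exported in set format (show configuration | display set), and the function name, finding codes and sample configurations are constructed for illustration.

```python
# Added example (not Juniper code): audit `show configuration | display set`
# output against the J-Web requirements in this article. Names are hypothetical.
ACCEPTED_SELECTORS = {("any", "any"), ("any", "info"), ("user", "any"), ("user", "info")}

def check_jweb_traffic_logging(display_set_text, file_name="policy_session"):
    """Return a list of finding codes; an empty list means every check passed."""
    stmts = [line.split()[1:] for line in display_set_text.splitlines()
             if line.strip().startswith("set ")]
    findings = []
    # Step 1: mode must be event. With no explicit mode the platform default
    # applies (stream on High End SRX, event on Branch SRX).
    modes = [s[3] for s in stmts if s[:3] == ["security", "log", "mode"] and len(s) > 3]
    if "event" not in modes:
        findings.append("mode-not-event" if modes else "mode-not-explicit")
    # First note: no [security log stream] in the active configuration.
    if any(s[:3] == ["security", "log", "stream"] for s in stmts):
        findings.append("stream-configured")
    # Second note: the syslog file that J-Web searches for traffic logs.
    prefix = ["system", "syslog", "file", file_name]
    body = [[tok.strip('"') for tok in s[4:]] for s in stmts if s[:4] == prefix]
    if not body:
        return findings + ["file-missing"]
    if not any(tuple(b) in ACCEPTED_SELECTORS for b in body):
        findings.append("selector-not-accepted")
    if ["match", "RT_FLOW"] not in body:          # exact match string required
        findings.append("match-not-RT_FLOW")
    if ["archive", "world-readable"] not in body:  # required
        findings.append("archive-not-world-readable")
    if not any(b[:1] == ["structured-data"] for b in body):  # preferred only
        findings.append("structured-data-missing")
    return findings

# Constructed sample inputs (192.0.2.10 is a documentation address).
GOOD = """set security log mode event
set system syslog file policy_session user info
set system syslog file policy_session match RT_FLOW
set system syslog file policy_session archive size 5120000
set system syslog file policy_session archive world-readable
set system syslog file policy_session structured-data
"""
BAD = """set security log mode stream
set security log stream collector host 192.0.2.10
set system syslog file policy_session any any
set system syslog file policy_session match RT_FLOW_SESSION
set system syslog file policy_session archive size 5120000
"""
if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_jweb_traffic_logging(cfg) or "ok")
```
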
Modification History:

2020-03-25: Article reviewed for accuracy; no changes required.
