Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Unable to get logs to NSM from Chassis Cluster in stream mode logging



Article ID: KB21050 KB Last Updated: 24 Oct 2012Version: 2.0
Unable to send logs to NSM from SRX Chassis Cluster when logging configured in stream mode.
The SRX3600 Chassis Cluster is added to NSM via fxp0 . The device is required to send logs to NSM  in stream mode .

The NSM is only able to see the system logs & not the traffic logs.

NSM can only receive the stream mode logs when modified as follows (valid for 2011.1 onwards):
To configure the DMI device to send the logs to NSM using stream mode, edit the /var/netscreen/DevSvr/devSvr.cfg file and set the devSvr.enableSyslogOverUdp parameter to true:
devSvr.enableSyslogOverUdp true

Complete steps can be seen at page 767 of the following article:
The route visible for NSM on the SRX cluster is via fxp0.
>show route      *[Direct/0] 1d 13:46:06
The stream mode stands for sending of logs from the data plane to the remote host without reaching the Routing Engine.
On the other hand, fxp0 is a non-routable interface which enables remote user to reach the Routing Engine.

So when we try to send the stream mode logs via fxp0, it fails .
The requirement can only be achieved if the device is reachable to NSM via a revenue port [not fxp0].

Additionally you need to send logs to NSM on port 5140. The partial configuration is shown as follows:
root#show security log
mode stream;
stream NSM {
     host {;
         port 5140;
In the above configuration, the NSM IP is considered to, and the SRX IP is .

If you need to get the logs via fxp0, then you need to configure the device in event mode as shown in the following article: KB16643

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search