This article describes the issue of SRX not writing to a log file while communicating to NSM Server; consequently NSM does not populate logs for the SRX.
- SRX randomly stops writing logs to default-log-messages file; consequently NSM stops reporting any logs coming from SRX.
- When EventD is restarted (restart event-processing), SRX starts to write logs to default-log-messages file again and NSM starts reporting activity from SRX.
- The following messages keeps populating when logs are not written in the default-log-messages during the problem:
Jul 13 15:59:31 sdxd_obssh_retry_timer_handler: (nsm) Everything okay.Starting oneshot timer...
Below is the config:
groups {
node0 {
system {
host-name SRX3K4_TOP;
backup-router 10.1.1.1 destination 10.100.24.0/24;
services {
outbound-ssh {
client nsm {
device-id 987A2A;
services netconf;
10.1.1.10 port 7804;
}
}
}
syslog {
archive size 200k files 10;
file default-log-messages {
any any;
structured-data;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 10.1.1.115/24;
}
}
}
}
node1 {
system {
host-name SRX3K4_BOT;
backup-router 10.1.1.1 destination 10.100.24.0/24;
services {
outbound-ssh {
client nsm {
device-id 8DE49B;
services netconf;
10.1.1.10 port 7804;
}
}
}
syslog {
archive size 200k files 10;
file default-log-messages {
any any;
structured-data;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 10.1.1.116/24;
}
}
}
}
}
}
apply-groups "$ ";
system {
domain-name metmuseum.org;
time-zone America/New_York;
authentication-order [ password radius ];
root-authentication {
}
services {
ftp;
ssh {
root-login deny;
protocol-version v2;
connection-limit 5;
}
telnet;
outbound-ssh {
traceoptions {
file default-log-messages;
flag connectivity;
}
}
web-management {
https {
system-generated-certificate;
}
}
}
}
Or
set groups node0 system host-name SRX3K4_TOP
set groups node0 system backup-router 10.1.1.1
set groups node0 system backup-router destination 10.100.24.0/24
set groups node0 system services outbound-ssh client nsm device-id 987A2A
set groups node0 system services outbound-ssh client nsm services netconf
set groups node0 system services outbound-ssh client nsm 10.1.1.10 port 7804
set groups node0 system syslog archive size 200k
set groups node0 system syslog archive files 10
set groups node0 system syslog file default-log-messages any any
set groups node0 system syslog file default-log-messages structured-data
set groups node0 interfaces fxp0 unit 0 family inet address 10.1.1.115/24
set groups node1 system host-name SRX3K4_BOT
set groups node1 system backup-router 10.1.1.1
set groups node1 system backup-router destination 10.100.24.0/24
set groups node1 system services outbound-ssh client nsm device-id 8DE49B
set groups node1 system services outbound-ssh client nsm services netconf
set groups node1 system services outbound-ssh client nsm 10.1.1.10 port 7804
set groups node1 system syslog archive size 200k
set groups node1 system syslog archive files 10
set groups node1 system syslog file default-log-messages any any
set groups node1 system syslog file default-log-messages structured-data
set groups node1 interfaces fxp0 unit 0 family inet address 10.1.1.116/24
set apply-groups "$ "
set system domain-name metmuseum.org
set system time-zone America/New_York
set system authentication-order password
set system authentication-order radius
set system root-authentication encrypted-password "$ABC123"
set system services ftp
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services telnet
set system services outbound-ssh traceoptions file default-log-messages
set system services outbound-ssh traceoptions flag connectivity