Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to save traffic log under Stream mode

0

0
Article ID: KB31459 KB Last Updated: 23 Aug 2019Version: 2.0 Summary:

This article explains how to save the Traffic log under stream mode on the new SRX platform with Junos 15.1X49-D70 and above.

Important Note: This feature is supported on the following platforms and Junos versions:

Junos Version Platforms
X49-D70 and later versions vSRX 2.0, SRX 1500, SRX 4100, SRX 4200
X49-D100 and later versions SRX340 and SRX345 (when using SSD in rear SSD slot)
17.4R2 and later versions SRX4600
18.4R1 and later versions vSRX3

 

Symptoms:

Beginning with Junos 15.1X49-D70, you can save traffic log in device under stream mode. In this situation, you can save the traffic log file on SRX.

The following text is from Release 15.1X49-D70 Software Features:

On-box logging
Starting with Junos OS Release 15.1X49-D70,
SRX1500, SRX4100, and SRX4200 devices, and vSRX instances support all the current SRX Series logging functionality.
This release also introduces some modifications to the current logging functionality.

The major functionalities introduced are:
• On-box traffic logging to solid-state drives (SSDs) supports eight external log servers or files.
• An all-in-one XML file is added that contains all the traffic logs information.
The XML file also generates all the logging header files and traffic-log-related documents.

Solution:

Here is the configuration. You do not need to configure the log under system syslog.

--------------
set security log mode stream
set security log stream stream1 file name traffic-log
set security log stream stream1 file size 10
--------------

The log file will be stored at /var/traffic-log/ directory. You can use the command below to check the log via the CLI.
 
[edit]
root>show security log stream file traffic-log
<14>Feb 17 02:29:39 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.2/0->192.168.2.2/24279 0x0 icmp 192.168.1.2/0->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 1 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN
<14>Feb 17 02:29:40 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.2/1->192.168.2.2/24279 0x0 icmp 192.168.1.2/1->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 2 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN

OR
 
root> show log /var/traffic-log/traffic-log
<14>Feb 17 02:29:39 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.2/0->192.168.2.2/24279 0x0 icmp 192.168.1.2/0->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 1 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN
<14>Feb 17 02:29:40 RT_FLOW:RT_FLOW_SESSION_CREATE: session created 192.168.1.2/1->192.168.2.2/24279 0x0 icmp 192.168.1.2/1->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 2 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN
Modification History:
2019-08-20: Added affected Junos versions and platforms.

Related Links

 Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search