[SRX] How to save traffic log under Stream mode

[KB31459]


Summary:

This article explains how to save the traffic log on the device under stream mode on the new SRX platform with Junos 15.1X49-D70 and above.

Important Note: This feature is supported on the following platforms and Junos versions:

Junos Version                  Platforms
X49-D70 and later versions     vSRX 2.0, SRX 1500, SRX 4100, SRX 4200
X49-D100 and later versions    SRX340 and SRX345 (when using SSD in rear SSD slot)
17.4R2 and later versions      SRX4600
18.4R1 and later versions      vSRX3

 

Symptoms:

Beginning with Junos 15.1X49-D70, you can save the traffic log on the device itself under stream mode; the traffic log file is written to the SRX.

The following text is from Release 15.1X49-D70 Software Features:

On-box logging
Starting with Junos OS Release 15.1X49-D70, SRX1500, SRX4100, and SRX4200 devices, and vSRX instances support all the current SRX Series logging functionality.
This release also introduces some modifications to the current logging functionality.

The major functionalities introduced are:
• On-box traffic logging to solid-state drives (SSDs) supports eight external log servers or files.
• An all-in-one XML file is added that contains all the traffic logs information.
The XML file also generates all the logging header files and traffic-log-related documents.

Solution:

Here is the configuration. You do not need to configure the log under system syslog.

--------------
set security log mode stream
set security log stream stream1 file name traffic-log
set security log stream stream1 file size 10
--------------

The log file is stored in the /var/traffic-log/ directory. You can use either of the commands below to check the log from the CLI.
 
root> show security log stream file traffic-log
<14>Feb 17 02:29:39 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.2/0->192.168.2.2/24279 0x0 icmp 192.168.1.2/0->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 1 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN
<14>Feb 17 02:29:40 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.2/1->192.168.2.2/24279 0x0 icmp 192.168.1.2/1->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 2 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN

OR
 
root> show log /var/traffic-log/traffic-log
<14>Feb 17 02:29:39 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.2/0->192.168.2.2/24279 0x0 icmp 192.168.1.2/0->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 1 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN
<14>Feb 17 02:29:40 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.2/1->192.168.2.2/24279 0x0 icmp 192.168.1.2/1->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 2 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN
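
An added example, not part of the original article and not Juniper code: a small Python parser for the RT_FLOW_SESSION_CREATE lines shown above, for feeding the on-box file into a review or detection script. The positional field names (service, protocol ID, policy, zones, session ID, interface) are assumptions read off the sample lines, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample based on the article's CLI output; the second line
# omits the space after the "RT_FLOW:" tag on purpose.
SAMPLE = """\
<14>Feb 17 02:29:39 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.2/0->192.168.2.2/24279 0x0 icmp 192.168.1.2/0->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 1 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN
<14>Feb 17 02:29:40 RT_FLOW:RT_FLOW_SESSION_CREATE: session created 192.168.1.2/1->192.168.2.2/24279 0x0 icmp 192.168.1.2/1->192.168.2.2/24279 0x0 N/A N/A N/A N/A 1 policyA untrust trust 2 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN
"""

HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"RT_FLOW: ?(?P<event>RT_FLOW_\w+): (?P<body>.*)$")
FLOW = re.compile(r"^(?P<src>[^/\s]+)/(?P<sport>\d+)->(?P<dst>[^/\s]+)/(?P<dport>\d+)$")

def parse_session_create(line):
    """Return a dict for one session-create line, or None if it does not fit."""
    m = HEADER.match(line.strip())
    if not m or m["event"] != "RT_FLOW_SESSION_CREATE":
        return None
    tok = m["body"].split()
    # Assumed positions: 2 flow, 4 service, 5 post-NAT flow, 11 protocol ID,
    # 12 policy, 13/14 zones, 15 session ID, 17 incoming interface.
    if len(tok) < 18 or tok[:2] != ["session", "created"] or not tok[11].isdigit():
        return None
    flow, nat = FLOW.match(tok[2]), FLOW.match(tok[5])
    if not flow or not nat:
        return None
    pri = int(m["pri"])  # syslog PRI = facility * 8 + severity
    return {
        "facility": pri >> 3, "severity": pri & 7, "timestamp": m["ts"],
        "src": flow["src"], "sport": int(flow["sport"]),
        "dst": flow["dst"], "dport": int(flow["dport"]),
        "service": tok[4],
        "nat_applied": tok[2] != tok[5],  # pre- and post-NAT flows differ
        "protocol_id": int(tok[11]),
        "policy": tok[12], "from_zone": tok[13], "to_zone": tok[14],
        "session_id": tok[15], "interface": tok[17],
    }

def sessions_per_policy(text):
    """Count created sessions per (policy, from_zone, to_zone)."""
    recs = filter(None, map(parse_session_create, text.splitlines()))
    return Counter((r["policy"], r["from_zone"], r["to_zone"]) for r in recs)
```

Lines that are not session-create events or that do not match the assumed layout return None, so other RT_FLOW events in the same file are skipped rather than misparsed.
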
Modification History:
2019-08-20: Added affected Junos versions and platforms.