Configure Logs in Juniper SRX


Logs play an important role in identifying and fixing problems. Juniper devices offer different ways to configure logs: you can configure a device to send log messages to a log server on the network or to store them on the device itself. JunOS is the heart of Juniper devices and works very well. Today I will show you how to configure logs in Juniper SRX within the device.

You configure logs in JunOS at the [edit system syslog] hierarchy. Different types of logs can be configured to capture different kinds of messages. Let's start with the factory default log configuration. When the device is freshly installed with the latest version of JunOS, there are three types of logs configured by default. You can view them by typing the show system syslog command in configuration mode.

[edit]
root@MustBeGeek# show system syslog
syslog {
    user * {
        any emergency;
    }
    file messages {
        any any;
        authorization info;
    }
    file interactive-commands {
        interactive-commands any;
    }
}

As you can see, the factory default configuration has 3 logs configured. Two logs are sent to files, whereas one is displayed to logged-in users. Every log has a facility and a severity level. The facility is the type of log message being sent, and the severity level is the importance of the message. The first log defined above has a facility of any with a severity level of emergency, and it is displayed to users logged in to the device. The second log has a facility of authorization with a severity level of info and is sent to the file named messages. The third log has a facility of interactive-commands with a severity level of any and is sent to the file named interactive-commands.

Apart from the default logs, you might want your own control over which logs are sent to files. Let's create a log for policy sessions from the untrust zone to the trust zone. First you have to specify the session-init and session-close statements under log in the security policy.

[edit security policies from-zone untrust to-zone trust policy MailAccess]
root@MustBeGeek# show
match {
    source-address any;
    destination-address ExchangeServer;
}
then {
    permit;
    log {
        session-init;
        session-close;
    }
}

Now let's configure the log file under the [edit system syslog] hierarchy. We will configure a file named SessionsLog that keeps messages containing the RT_FLOW_SESSION keyword. You can configure different parameters for different types of logs, and you can also use different match expressions to meet your needs. Here we will use the match RT_FLOW_SESSION expression to log session messages.

[edit system syslog]
root@MustBeGeek# set file SessionsLog any any
[edit system syslog]
root@MustBeGeek# set file SessionsLog match RT_FLOW_SESSION
[edit system syslog]
root@MustBeGeek# set file SessionsLog archive size 1m files 3
[edit system syslog]
root@MustBeGeek# show
user * {
    any emergency;
}
file messages {
    any any;
    authorization info;
}
file interactive-commands {
    interactive-commands any;
}
file SessionsLog {
    any any;
    match RT_FLOW_SESSION;
    archive size 1m files 3;
}

Some useful commands for viewing and maintaining logs are:

1. You can now view the logs by typing the following command in operational mode.

root@MustBeGeek> show log SessionsLog

2. You can also view real-time log messages from the log file by typing the following command in operational mode.

root@MustBeGeek> monitor start SessionsLog

3. The log files are in the /cf/var/log location. You can view the log files by typing the following command. The command will show the list of configured log files.

root@MustBeGeek> file list /cf/var/log

4. To delete a log file from this location, issue the following command.

root@MustBeGeek> file delete /cf/var/log/SessionsLog

5. You can also delete log files and some temporary files by typing the following command.

root@MustBeGeek> request system storage cleanup
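
Once SessionsLog is filling up, you will usually want a summary rather than raw lines. The following Python script is an added example, not part of the original article or of any Juniper tool: it parses session messages and counts session creates and close reasons per source address. The message layout, the sample lines and the function names (parse_line, summarize, noisy_sources) are assumptions made for illustration, and only IPv4 addresses are handled.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of SessionsLog content (documentation addresses). Fields after
# the service name differ between Junos releases, so the parser ignores them.
SAMPLE = """\
Mar  3 10:00:00 MustBeGeek newsyslog[1200]: logfile turned over due to size>1024K
Mar  3 10:15:01 MustBeGeek RT_FLOW: RT_FLOW_SESSION_CREATE: session created 203.0.113.10/51514->192.0.2.25/25 junos-smtp 203.0.113.10/51514->192.0.2.25/25 None None 6 MailAccess untrust trust 4101
Mar  3 10:15:04 MustBeGeek RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 203.0.113.10/51514->192.0.2.25/25 junos-smtp 203.0.113.10/51514->192.0.2.25/25 None None 6 MailAccess untrust trust 4101 12(1843) 10(920) 4
Mar  3 10:15:07 MustBeGeek RT_FLOW: RT_FLOW_SESSION_CREATE: session created 198.51.100.7/40001->192.0.2.25/25 junos-smtp 198.51.100.7/40001->192.0.2.25/25 None None 6 MailAccess untrust trust 4102
Mar  3 10:15:07 MustBeGeek RT_FLOW: RT_FLOW_SESSION_CREATE: session created 198.51.100.7/40002->192.0.2.25/25 junos-smtp 198.51.100.7/40002->192.0.2.25/25 None None 6 MailAccess untrust trust 4103
Mar  3 10:15:08 MustBeGeek RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP RST: 198.51.100.7/40001->192.0.2.25/25 junos-smtp 198.51.100.7/40001->192.0.2.25/25 None None 6 MailAccess untrust trust 4102 3(180) 1(40) 1
"""

# Assumed layout: "<tag>: session created|closed <reason>: src/port->dst/port service ..."
LINE_RE = re.compile(
    r"RT_FLOW_SESSION_(?P<event>CREATE|CLOSE): session (?:created|closed (?P<reason>[^:]+):) "
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+) (?P<service>\S+)"
)

def parse_line(line):
    """Return a dict for one IPv4 session message, or None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(text):
    """Per source address: sessions created and a tally of close reasons."""
    summary = defaultdict(lambda: {"created": 0, "closed": Counter()})
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["event"] == "CREATE":
            summary[rec["src"]]["created"] += 1
        else:
            summary[rec["src"]]["closed"][rec["reason"]] += 1
    return dict(summary)

def noisy_sources(text, threshold):
    """Sources that opened at least `threshold` sessions, sorted."""
    return sorted(s for s, v in summarize(text).items() if v["created"] >= threshold)

if __name__ == "__main__":
    for src, stats in summarize(SAMPLE).items():
        print(src, "created:", stats["created"], "closed:", dict(stats["closed"]))
```

To use it on real data, copy the log file off the device and pass its contents to summarize in place of SAMPLE. Adjust the regular expression if your JunOS release formats these messages differently.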

Bipin is a freelance Network and System Engineer with expertise on Cisco, Juniper, Microsoft, VMware, and other technologies. You can hire him on UpWork. Follow Bipin Giri on Google+. Bipin enjoys writing articles and tutorials related to Network technologies. Some of his certifications are MCSE: Messaging, JNCIP-SEC, JNCIS-ENT, and others.