Network Professional Notepad

Category:Juniper -> Security

The release information for traffic flows log streaming under LSYS states the following at https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-edit-logical-system-security-log-stream.html:

Statement introduced in Junos OS Release 18.2R1 for logical Systems.
Statement introduced in Junos OS Release 18.3R1 for tenant Systems.
The “routing-instance” option introduced in Junos OS Release 18.3R1 for tenant systems.

Configuration:

set logical-systems LSYS1 security log mode stream
set logical-systems LSYS1 security log source-interface reth1.400
set logical-systems LSYS1 security log transport protocol udp
set logical-systems LSYS1 security log stream LSYS1_STRM format sd-syslog
set logical-systems LSYS1 security log stream LSYS1_STRM category all
set logical-systems LSYS1 security log stream LSYS1_STRM host 10.25.25.25
set logical-systems LSYS1 security log stream LSYS1_STRM host port 514
set logical-systems LSYS1 security log stream LSYS1_STRM host routing-instance RT_INSTANCE_1 

Verification:

show system security-profile security-log-stream-number logical-system all 
node0:
--------------------------------------------------------------------------

logical system name   security profile name       usage    reserved     maximum

root-logical-system   Default-Profile                 1           0           8
LSYS0                 LSYS0-PROFILE                   0           0           8
LSYS1                 LSYS1-PROFILE                   1           0           8
LSYS2                 LSYS2-PROFILE                   0           0           8
LSYS3                 LSYS3-PROFILE                   0           0           8 

We can see “FLOWS” started to get generated:

% srx-cprod.sh -s spu -c "sh usp rtlog streams"

stats per category: 
ALL                    generated:  0                      stream_ok:   0                   
UTM                    generated:  0                      stream_ok:   0                   
FW_AUTH                generated:  0                      stream_ok:   0                   
SCREEN                 generated:  0                      stream_ok:   0                   
ALG                    generated:  25096                  stream_ok:   25096               
NAT                    generated:  0                      stream_ok:   0                   
FLOW                   generated:  3113288                stream_ok:   3113288             
SCTP                   generated:  0                      stream_ok:   0                   
GTP                    generated:  0                      stream_ok:   0                   
IPSEC                  generated:  0                      stream_ok:   0                   
IDP                    generated:  0                      stream_ok:   0                   
RTLOG                  generated:  0                      stream_ok:   0                   
PST_DS_LITE            generated:  0                      stream_ok:   0                   
APPQOS                 generated:  0                      stream_ok:   0                   
SECINTEL               generated:  0                      stream_ok:   0                   
AAMW                   generated:  0                      stream_ok:   0                   
OTHERS                 generated:  0                      stream_ok:   0 

By privilege15

Juniper SRX Streaming to STRM

Navigation

Share page in

Search: