
Logging on a Juniper SRX

posted Oct 9, 2013, 12:50 PM by Pasi Orovuo   [ updated Jul 19, 2014, 1:15 AM ]
How do you do simple session logging on an SRX? Write the flow module's traffic-log events into two local syslog files, one for denied sessions and one for newly created ones:

set system syslog archive size 100k
set system syslog archive files 3
set system syslog file blocked-traffic any any
set system syslog file blocked-traffic match RT_FLOW_SESSION_DENY
set system syslog file accepted-traffic any any
set system syslog file accepted-traffic match RT_FLOW_SESSION_CREATE

The archive settings cap each file at 100 KB and keep three rotated copies, so on a busy firewall these files roll over within minutes; raise the size, or forward the same events to a collector with set system syslog host, if you need any history. This file-based recipe also assumes event mode, which is the default on the branch SRX models; the high-end SRX platforms default to stream mode, in which security logs are sent straight from the data plane to an external syslog server and never land in these files.

Then on your policy rule have for example

set security policies from-zone trust to-zone untrust policy then-log-and-drop match source-address any
set security policies from-zone trust to-zone untrust policy then-log-and-drop match destination-address any
set security policies from-zone trust to-zone untrust policy then-log-and-drop match application any
set security policies from-zone trust to-zone untrust policy then-log-and-drop then reject
set security policies from-zone trust to-zone untrust policy then-log-and-drop then log session-init

A few things worth knowing about that rule. The SRX already drops anything no policy permits, but that implicit default deny does not log, which is the whole reason for an explicit catch-all rule like this. Because policies are evaluated top down and the first match wins, a match-anything rule has to sit after your permit policies; if it ends up above them, move it with insert security policies from-zone trust to-zone untrust policy then-log-and-drop after policy <permit-policy-name>. reject answers the client with a TCP RST or ICMP unreachable, whereas deny drops silently; reject gives internal users an immediate failure instead of a timeout, but it also tells the sender that a filtering device is in the path, so prefer deny on policies facing untrusted sources. Finally, log session-init is the only logging option that does anything on a deny or reject policy, because no session is ever created and so there is nothing to close. The permit policies whose traffic you want in accepted-traffic need then log session-init as well, since that is what emits RT_FLOW_SESSION_CREATE; if you would rather have one record per session with byte and packet counts, use log session-close instead and match RT_FLOW_SESSION_CLOSE in the file definition.

Then with

show log blocked-traffic
show log accepted-traffic

you can see what's happening.
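Reading those two files by eye stops being useful after the first few hundred lines, so here is a small parser that turns them into counts. This is an added example and not code from the original post or from Juniper: the sample lines are constructed to follow the shape of the unstructured RT_FLOW_SESSION_DENY and RT_FLOW_SESSION_CREATE messages (session denied SRC/PORT->DST/PORT SERVICE PROTO(ICMP) POLICY FROM-ZONE TO-ZONE ...), the exact field order varies a little between Junos releases, and the function names parse_line, summarize and top_denied are mine. Check the regexes against a real line from show log blocked-traffic before trusting the numbers.

```python
"""Summarise SRX traffic logs from the blocked-traffic / accepted-traffic files.

Added example, not part of the original post. Assumes the unstructured
RT_FLOW_SESSION_DENY / RT_FLOW_SESSION_CREATE layout sketched in the regexes;
adjust them to the output of your own Junos release.
"""
import re
from collections import Counter

# Constructed sample output, not captured from a real device.
SAMPLE_LOG = """\
Oct  9 12:50:01 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.0.0.5/51234->1.2.3.4/23 junos-telnet 6(0) then-log-and-drop trust untrust UNKNOWN UNKNOWN N/A(N/A) ge-0/0/0.0
Oct  9 12:50:02 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.0.0.5/51235->1.2.3.4/23 junos-telnet 6(0) then-log-and-drop trust untrust UNKNOWN UNKNOWN N/A(N/A) ge-0/0/0.0
Oct  9 12:50:03 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.0.0.7/40000->1.2.3.4/53 junos-dns-udp 17(0) then-log-and-drop trust untrust UNKNOWN UNKNOWN N/A(N/A) ge-0/0/0.0
Oct  9 12:50:04 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.0.0.9/50001->93.184.216.34/443 junos-https 10.0.0.9/50001->93.184.216.34/443 None None 6 allow-web trust untrust 4711 N/A(N/A) ge-0/0/0.0
Oct  9 12:50:05 srx last message repeated 2 times
Oct  9 12:50:06 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 10.0.0.9/50001->93.184.216.34/443 junos-https 10.0.0.9/50001->93.184.216.34/443 None None 6 allow-web trust untrust 4711 12(1800) 10(9000) 30 N/A(N/A) ge-0/0/0.0
"""

# Deny records carry SERVICE PROTO(ICMP-TYPE) POLICY FROM-ZONE TO-ZONE after the flow.
DENY_RE = re.compile(
    r"RT_FLOW_SESSION_DENY: session denied "
    r"(?P<src>\S+)/(?P<sport>\d+)->(?P<dst>\S+)/(?P<dport>\d+) "
    r"(?P<service>\S+) (?P<proto>\d+)\(\d+\) "
    r"(?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+)"
)

# Create records insert the NAT-translated flow and the NAT rule names
# between the service and the protocol number.
CREATE_RE = re.compile(
    r"RT_FLOW_SESSION_CREATE: session created "
    r"(?P<src>\S+)/(?P<sport>\d+)->(?P<dst>\S+)/(?P<dport>\d+) "
    r"(?P<service>\S+) \S+/\d+->\S+/\d+ \S+ \S+ (?P<proto>\d+) "
    r"(?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+)"
)


def parse_line(line):
    """Return a dict for a DENY or CREATE record, or None for anything else
    (syslog's 'last message repeated N times', CLOSE records, other daemons)."""
    m = DENY_RE.search(line)
    event = "deny"
    if m is None:
        m = CREATE_RE.search(line)
        event = "create"
    if m is None:
        return None
    rec = m.groupdict()
    rec["event"] = event
    for key in ("sport", "dport", "proto"):
        rec[key] = int(rec[key])
    return rec


def summarize(lines):
    """Count denied flows per (src, dst, dport) and created sessions per
    policy. RT_FLOW_SESSION lines the regexes do not understand are counted
    too, so a format change after an upgrade shows up as a rising 'unparsed'
    number instead of a silently empty report."""
    out = {"denied": Counter(), "accepted": Counter(), "unparsed": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            if "RT_FLOW_SESSION" in line:
                out["unparsed"] += 1
            continue
        if rec["event"] == "deny":
            out["denied"][(rec["src"], rec["dst"], rec["dport"])] += 1
        else:
            out["accepted"][rec["policy"]] += 1
    return out


def top_denied(summary, n=5):
    """The n most frequently denied (src, dst, dport) tuples with their counts."""
    return summary["denied"].most_common(n)


if __name__ == "__main__":
    # Pipe the output of 'show log blocked-traffic' in here on a real box:
    #   import sys; s = summarize(sys.stdin)
    s = summarize(SAMPLE_LOG.splitlines())
    print("top denied (src -> dst:port):")
    for (src, dst, dport), count in top_denied(s):
        print(f"  {count:5d}  {src} -> {dst}:{dport}")
    print("created sessions per policy:", dict(s["accepted"]))
    print("unparsed RT_FLOW_SESSION lines:", s["unparsed"])
```

The unparsed counter is the part worth keeping: Juniper has changed the traffic-log field layout between releases, and a report that quietly shows zero denies after an upgrade is worse than one that says it could not read the lines. Counting by (src, dst, dport) rather than by source alone separates a scanner sweeping many hosts from a single misconfigured client hammering one port.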



Alternatively, if the policy log does not explain a problem (for example a packet that never reaches policy lookup because a screen, the route lookup or NAT drops it first), trace the flow module's handling of the packets on the device:

set security flow traceoptions file flow-trace
set security flow traceoptions file size 1m
set security flow traceoptions file files 2
set security flow traceoptions file world-readable
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter filter1 destination-prefix 1.2.3.4/32

and then with

show log flow-trace

examine the flow. Keep the packet-filter: flow tracing without one logs every packet the device forwards, and basic-datapath alone is enough to exhaust the Routing Engine's CPU on a busy box. The world-readable flag lets any login on the device read the trace file, which contains the addresses and ports of live sessions, so leave it out unless a non-superuser account really needs the file. When you are done, deactivate security flow traceoptions (or delete it) and commit, so that tracing does not stay enabled in production.



For reference, Juniper's KB article contains a diagram of the order in which the different modules within Junos (screens, NAT, route lookup, policy lookup and so on) process a packet, which tells you which stage a flow-trace entry comes from. The original is available here: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110.


Happy troubleshooting!
