Understanding Next Gen Services CGNAT Global System Logging
All CGNAT services supported under Next Gen Services use global system logging. This topic describes global system logging for Next Gen Services CGNAT services and how to configure it.
Next Gen Services CGNAT Global System Logging
The CGNAT services supported under Next Gen Services support global system logging for syslog messages. You configure syslog messaging for these services under the service-set hierarchy. You can send logs to either the local routing engine (RE) or one or more remote servers (each of these is identified as a stream). You can configure files to log system messages and also assign attributes, such as severity levels, to messages. Reboot requests are recorded to the system log files, which you can view with the show log command.
In the case of an AMS bundle, each PIC establishes a TCP connection with the log server and the external collector receives log messages from all the AMS members.
Modes of Operation for Next Gen Services System Logging
You can save logs for Next Gen Services locally, which is called event mode, or send the log messages to one or more external servers, which is called stream mode.
In event mode, after the log message is recorded, the log is stored within a log file, which is then stored in the database table of the local routing engine (RE) for further analysis.
When configured in stream mode, log messages are streamed to one or more remote log servers. Each remote log server is assigned a stream from which it receives logs.
Understanding Stream Mode
When configured in stream mode, Next Gen Services log messages are streamed to a remote device.
For stream mode log forwarding, you can configure which transport protocol is used between the MX-SPC3 services card and the log server. You can use UDP, TCP, or TLS as the transport protocol.
When the device is configured in stream mode, you can configure a maximum of eight system log hosts to stream to.
System Logging Configuration Overview
Configuring system logging for Next Gen Services involves several main steps and considerations:
- Global system logging — Next Gen Services system logging uses a global logging option that you need to enable in order to collect system log messages. To enable global system logging for Next Gen Services, set the traceoptions option under the edit services rtlog hierarchy.
- For Next Gen Services, syslogs are always set at the service-set level regardless of whether you are running event mode or stream mode.
- You must configure system logging for each service-set for which you want to collect logs. Each service-set uses a separate TCP connection in stream mode.
- As a log client, Next Gen Services initiates TCP/TLS connections to the remote log server. By default, we connect to port 514 for TCP logging [RFC 6587], and port 6514 for TLS logging [RFC 5425]. You can also specify port numbers for TCP and TLS logging using the CLI.
- If you are using AMS bundles, syslogs are generated from each member interface of the AMS group.
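The collector side of the TCP/TLS stream described above, as an added example (not Juniper code): an incremental de-framer that splits one connection's byte stream into syslog messages. The page does not say which RFC 6587 framing the device emits, so this sketch accepts both octet-counting (the only framing RFC 5425 allows for TLS) and LF-terminated messages; the `SyslogDeframer` name and the `MAX_FRAME` cap are assumptions. Use one instance per connection, since each service-set and each AMS member PIC opens its own.

```python
MAX_FRAME = 8192  # assumed cap for this example; tune to the collector's limits


class SyslogDeframer:
    """Incremental de-framer for ONE syslog-over-TCP/TLS connection."""

    def __init__(self):
        self.buf = b""

    def feed(self, chunk):
        """Append received bytes; return the complete messages now available."""
        self.buf += chunk
        messages = []
        while self.buf:
            if self.buf[:1].isdigit():
                # Octet counting: "MSG-LEN SP SYSLOG-MSG"
                sp = self.buf.find(b" ")
                if sp == -1:
                    if len(self.buf) > 5:
                        raise ValueError("frame length field too long")
                    break  # length prefix still arriving
                if not self.buf[:sp].isdigit() or int(self.buf[:sp]) > MAX_FRAME:
                    raise ValueError("bad or oversized frame length")
                end = sp + 1 + int(self.buf[:sp])
                if len(self.buf) < end:
                    break  # message body still arriving
                messages.append(self.buf[sp + 1:end])
                self.buf = self.buf[end:]
            else:
                # Non-transparent framing: message is terminated by LF
                nl = self.buf.find(b"\n")
                if nl == -1:
                    if len(self.buf) > MAX_FRAME:
                        raise ValueError("unterminated message too long")
                    break  # terminator still arriving
                messages.append(self.buf[:nl])
                self.buf = self.buf[nl + 1:]
        return messages


if __name__ == "__main__":
    # Constructed sample: one octet-counted frame split across two TCP reads.
    conn = SyslogDeframer()
    for chunk in (b"25 <14>", b"constructed message A"):
        print(conn.feed(chunk))
```

Rejecting oversized or malformed length prefixes keeps a misbehaving or spoofed sender on port 514 from making the collector buffer without bound.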
Disabling Session Open Information in Syslogs
You can keep session open information from cluttering your syslogs by disabling its collection:
user@host# set services service-set ss1 service-set-options disable-session-open-syslog