Modifying the Syslog Configuration for Security Devices
You can use the Syslog section on the Modify Configuration page to view and modify the parameters related to system logging on the device.
Refer to the Junos OS documentation (available at http://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/) for a particular release and device. There you can find detailed information on the configuration parameters for that device.
To modify the system log parameters:

Setting | Guideline |
---|---|
General Settings | |
Time Format | Specify whether the time format should be included in system log messages generated for the device. By default, the timestamp specifies the month, day, hour, minute, and second at which the message was logged. If you select Enable, you can specify whether the milliseconds are included in the timestamp, the year is included in the timestamp, or both the milliseconds and the year are included in the timestamp. |
Source Address | Specify the IPv4 or IPv6 address to be used as the source address that is included in system log messages. |
Log Rotation Frequency | Configure the time interval (in minutes) at which Junos Space checks for the system log file size. When the log file size exceeds the previously specified size limit, the log file is archived and a new log file is created. The range is 1 through 59 and the default is 15 minutes. |
Allow Duplicates | Select this check box if you do not want to suppress syslog messages that were logged earlier. This check box is cleared by default. |
Host Configuration | The existing host configuration entries are displayed in a table. You can do the following: |
File Configuration | The existing file configuration entries are displayed in a table. You can do the following: |
User Configuration | The existing user configuration entries are displayed in a table. You can do the following: |

Setting | Guideline |
---|---|
Name | Select the name of the host to be notified when the system log matches the condition specified. |
Match | Enter a regular expression up to a maximum of 255 characters that must appear or must not appear in a message for the messages to be logged to a host. |
Contents | The table displays the existing facility and severity configured for system log messages. You can perform the following actions: |
Advanced Options | |
Allow Duplicates | Select this check box if you want to allow repeated messages in the system log output. By default, this check box is cleared, which means that repeated messages are not logged in the output. |
Explicit Priority | Select this check box to include the priority, which is a combination of the facility and severity, in syslog messages. |
Facility Override | Specify an alternative facility that will replace the default facility used when messages are directed to a remote destination. For more information, see the http://www.juniper.net/documentation/en_US/junos/topics/reference/general/syslog-facilities-remote-logging.html topic. |
Log Prefix | Specify the prefix to be used for all syslog messages for the specified host. |
Source Address | Specify the IPv4 or IPv6 address to be used as the source address that is included in system log messages for the host. |
Port | Specify the port number for the remote syslog folder. The range is 0 through 65,535 and the default is 514. |
Structured Data | Select this check box to log messages to a file in structured-data format instead of the standard Junos OS format. The structured-data format complies with IETF RFC 5424. By default, this check box is selected. Select the Brief check box to suppress the English language text that appears by default at the end of a message to describe the error or event. By default this check box is cleared. |

Setting | Guideline |
---|---|
Name | Enter the name of the file in which the data should be logged. The filename must not contain spaces, and it can contain some special characters ($ ^ < > @ # ! * - = _ .). |
Match | Enter a regular expression up to a maximum of 255 characters that must appear or must not appear in a message for the messages to be logged to a file. |
Contents | The table displays the existing facility and severity configured for system log messages. You can perform the following actions: |
Advanced Options | |
Explicit Priority | Select this check box to include the priority, which is a combination of the facility and severity, in syslog messages. |
Structured Data | Select this check box to log messages to a file in structured-data format instead of the standard Junos OS format. The structured-data format complies with IETF RFC 5424. By default, this check box is selected. Select the Brief check box to suppress the English language text that appears by default at the end of a message to describe the error or event. By default this check box is cleared. |

Setting | Guideline |
---|---|
Name | Enter the Junos OS username of the user whose terminal session is to receive system log messages. The username must not contain spaces, and it can contain some special characters (_ .). |
Match | Enter a regular expression up to a maximum of 255 characters that must appear or must not appear in a message for the messages to be logged to a user terminal. |
Contents | The table displays the existing facility and severity configured for system log messages. You can perform the following actions: |
Advanced Options | |
Allow Duplicates | Select this check box if you want to allow repeated messages in the system log output. By default, this check box is cleared, which means that repeated messages are not logged in the output. |

Setting | Guideline |
---|---|
Facility | Select the facility to which the system log message belongs. Each system log message belongs to a facility, which categorizes messages based on the source by which they are generated, such as a software process, or that relate to a similar condition or activity, such as authentication attempts. |
Severity | Select the severity level for the system log message. Each system message is pre-assigned a severity level, which indicates how seriously the triggering event affects routing platform functions. When you configure logging for a facility and destination, you specify a severity level for each facility. |
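
The Explicit Priority and Structured Data settings determine what a receiving collector has to decode. The following is an added example, not taken from the Juniper documentation: it splits the RFC 5424 priority into facility and severity and extracts the structured-data fields, including the case where Brief suppresses the trailing text. The sample messages, the function name and the facility spellings are assumptions made for illustration.

```python
import re

# Facility names by RFC 5424 code (conventional syslog names; assumption: the
# facility labels shown in the Junos Space UI may be spelled differently).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emergency alert critical error warning notice info debug".split()

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then structured data and text
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)
SD_ELEM = re.compile(r'\[([^ =\]"]+)((?: [^ =\]"]+="(?:[^"\\\]]|\\.)*")*)\]')
SD_PARAM = re.compile(r' ([^ =\]"]+)="((?:[^"\\\]]|\\.)*)"')

def parse_rfc5424(line):
    """Decode one RFC 5424 message into priority fields, structured data and text."""
    m = HEADER.fullmatch(line)
    if not m or int(m[1]) > 191:                  # highest valid PRI is 23*8 + 7
        raise ValueError("not an RFC 5424 message")
    pri, rest, sd, pos = int(m[1]), m[8], {}, 0
    if rest.startswith("-"):                      # NILVALUE: no structured data
        pos = 1
    else:
        while (e := SD_ELEM.match(rest, pos)):    # one or more [id k="v" ...]
            # Undo the three escapes RFC 5424 requires inside values: \" \\ \]
            sd[e[1]] = {k: re.sub(r'\\(["\\\]])', r"\1", v)
                        for k, v in SD_PARAM.findall(e[2])}
            pos = e.end()
        if pos == 0:
            raise ValueError("malformed structured data")
    # priority = facility * 8 + severity
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "host": m[4], "process": m[5], "event": m[7],
            "sd": sd, "text": rest[pos:].lstrip(" ")}

# Constructed sample messages (not captured from a device). The second one
# models Brief being selected (no trailing text) and carries an escaped quote.
SAMPLES = [
    r'<165>1 2024-05-01T09:17:15.719Z srx-edge-1 mgd 3046 UI_DBASE_LOGOUT_EVENT '
    r'[junos@2636.1.1.1.2.18 username="admin"] User admin exiting configuration mode',
    r'<38>1 2024-05-01T09:18:02.004Z srx-edge-1 sshd 4411 SSHD_LOGIN_FAILED '
    r'[junos@2636.1.1.1.2.18 username="ro\"ot" source-address="198.51.100.7"]',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_rfc5424(sample))
```
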
After you have configured system logging on the SRX Series devices, Security Director can receive those logs.
For adding Log Collector as a special node using Security Director Log Collector, click here.
For adding Log Collector as a special node using JSA Log Collector, click here.