So fingers crossed that this is an easy one for you guys. The device is an SRX210BE running 11.4R5.5 code.
I've added the syslog host to the config:

meeks@MeeksNet-SRX210> show configuration system syslog
archive size 100k files 3;
user * {
    any emergency;
}
host 192.168.1.12 {
    any any;
}
file messages {
    any critical;
    authorization info;
}
file interactive-commands {
    interactive-commands error;
}
file security {
    security any;
}
file default-log-messages {
    any any;
    match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|(vc add)|(vc delete)|transitioned|Transferred|transfer-file|QFABRIC_NETWORK_NODE_GROUP|QFABRIC_SERVER_NODE_GROUP|QFABRIC_NODE|(license add)|(license delete)|(package -X update)|(package -X delete)|GRES|CFMD_CCM_DEFECT|LFMD_3AH|MEDIA_FLOW_ERROR|RPD_MPLS_PATH_BFD";
    structured-data;
}

and implemented the default deny template I found here: http://kb.juniper.net/InfoCenter/index?page=content&id=KB20778&actp=RSS

meeks@MeeksNet-SRX210> show configuration groups
default-deny-template {
    security {
        policies {
            from-zone untrust to-zone trust {
                policy default-deny {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        deny;
                        log {
                            session-init;
                        }
                    }
                }
            }
        }
    }
}

meeks@MeeksNet-SRX210> show configuration apply-groups
## Last commit: 2013-02-21 16:05:36 EST by meeks
apply-groups default-deny-template;

However, when I log on to the syslog host and tail the syslog file, I do not see denies being logged remotely. If I apply the session-init and session-close options to permitted traffic, it does get logged remotely. Alternatively, creating a new policy has the same result, regardless of whether I use reject or deny:

meeks@MeeksNet-SRX210# show security policies from-zone untrust to-zone trust policy deny-all
match {
    source-address any;
    destination-address any;
    application any;
}
then {
    deny;
    log {
        session-init;
    }
}

My google-foo is failing, so I hope you guys can help.
Looking forward to hearing back from you,

Mike

_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
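An added example, not from Mike's post or from Juniper, for checking the problem from the collector side: it parses lines in the Junos structured-data syslog format (the `structured-data` option in the post's syslog config) and reports any deny policy for which the collector has seen no RT_FLOW_SESSION_DENY event, which is exactly the symptom described above. The sample lines, the policy name allow-web and the zone/address values are constructed; only default-deny and deny-all come from the post.

```python
import re
from collections import Counter

# Constructed sample lines in the Junos structured-data syslog format
# (RFC 5424-style header, then a [junos@... key="value" ...] block).
# These are not captures from the SRX in the post.
SAMPLE_LOG = """\
<14>1 2013-02-21T16:10:01.123-05:00 MeeksNet-SRX210 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.2.36.1 source-address="192.0.2.10" source-port="51000" destination-address="198.51.100.5" destination-port="443" service-name="junos-https" policy-name="allow-web" source-zone-name="trust" destination-zone-name="untrust"] session created
<14>1 2013-02-21T16:10:02.456-05:00 MeeksNet-SRX210 RT_FLOW - RT_FLOW_SESSION_DENY [junos@2636.1.1.2.36.1 source-address="203.0.113.7" source-port="4321" destination-address="192.168.1.1" destination-port="22" service-name="junos-ssh" policy-name="default-deny" source-zone-name="untrust" destination-zone-name="trust"] session denied
<14>1 2013-02-21T16:10:03.789-05:00 MeeksNet-SRX210 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.2.36.1 source-address="192.0.2.10" source-port="51000" destination-address="198.51.100.5" destination-port="443" service-name="junos-https" policy-name="allow-web" source-zone-name="trust" destination-zone-name="untrust"] session closed
"""

# Header: <PRI>1 TIMESTAMP HOSTNAME PROCESS PID MSGID [junos@ENTERPRISE-OID fields]
LINE_RE = re.compile(
    r'^<\d+>1 (?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) \S+ (?P<msgid>RT_FLOW_SESSION_\w+) '
    r'\[junos@[\d.]+ (?P<sd>[^\]]*)\]'
)
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')

def parse_line(line):
    """Return (message id, dict of structured-data fields), or None for non-RT_FLOW lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("sd")))
    fields["host"] = m.group("host")
    return m.group("msgid"), fields

def summarise(log_text):
    """Count RT_FLOW session events per (message id, policy name)."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            msgid, f = parsed
            counts[(msgid, f.get("policy-name", "?"))] += 1
    return counts

def deny_policies_missing(log_text, expected_deny_policies):
    """Deny policies the collector has never seen an RT_FLOW_SESSION_DENY for."""
    counts = summarise(log_text)
    seen = {pol for (msgid, pol) in counts if msgid == "RT_FLOW_SESSION_DENY"}
    return sorted(set(expected_deny_policies) - seen)

if __name__ == "__main__":
    for key, n in sorted(summarise(SAMPLE_LOG).items()):
        print(key, n)
    print("deny policies with no DENY events:", deny_policies_missing(SAMPLE_LOG, ["default-deny", "deny-all"]))
```

Run it against the real collector file instead of SAMPLE_LOG (for example `summarise(open("/var/log/syslog").read())`) to see whether the SRX is emitting deny events at all or whether they are simply not reaching the host.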