Hello,
Sending MS-MPC syslogs to more than 1 destination server DIRECTLY FROM
NPU ("service-set <> syslog host" stanza) is not supported APART from
JFLOWv9 NAT syslogs.
You could send MS-MPC syslogs initially to RE and then RE will replicate
to more than 1 destination server. With PBA, and relatively small NAT
pool, it is not going to be much of a load.
An example config below (from memory):
set service-set SS1 syslog host local severity info facility-override local2
set service-set SS1 syslog host local class nat-logs
set system syslog host BLAH1 external info
set system syslog host BLAH2 external info
set system syslog host BLAH3 external info
HTH
Thx
Alex
On 26/05/2016 19:33, Aaron wrote:
I've been using 14.2R2.8
Speaking of buggy, I wonder if this is what you were referring to...
For a few weeks I've been running like this... (syslog statements shown
below)... and the result has been that I've seen the following nat msgs...
NAT PORT BLOCK ALLOC
NAT PORT BLOCK RELEASE
...arriving at syslog servers at 172.22.14.54, 172.22.14.247,
log01.mydomain.com
Even though, the cgnat syslog stanza does NOT allow more than one syslog
server to be config'd, I STILL was rcv'ing those NAT syslog traps to ALL 3
servers....
Now, I rebooted this MX104 today, and suddenly, now it will only sends nat
specific syslog traps to that one server config'd in the cgnat service-set
syslog stanza.
So actually I'm thinking it's behaving more like it should now than it did
previously.
I'm going to upgrade junos to 14.2R6 as Mark mentioned previously... or
perhaps newer.
agould@eng-lab-mx104-cgn# set services service-set cgn-sset syslog host
172.22.14.55 class nat-logs
[edit]
agould@eng-lab-mx104-cgn# commit
[edit services]
'service-set cgn-sset'
Only one syslog host may be configured
error: configuration check-out failed
agould@eng-lab-mx104-cgn# show | display set | grep syslog
set system syslog user * any emergency
set system syslog host 172.22.14.54 any any
set system syslog host 172.22.14.247 any any
set system syslog host log01.mydomain.com any any
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog source-address 10.101.12.243
set services service-set cgn-sset syslog host 172.22.14.54 class nat-logs
set services service-set cgn-sset syslog host 172.22.14.54 source-address
10.101.12.243
-----Original Message-----
From: Mark Tinka [mailto:mark.ti...@seacom.mu]
Sent: Monday, April 25, 2016 9:10 PM
To: Aaron <aar...@gvtc.com>; 'Nitzan Tzelniker'
<nitzan.tzelni...@gmail.com>; dlock...@gmail.com; 'Alexander Arseniev'
<arsen...@btinternet.com>; 'juniper-nsp List' <juniper-nsp@puck.nether.net>
Subject: Re: [j-nsp] CGNat PBA - MX104 w/MS-MIC
On 25/Apr/16 23:10, Aaron wrote:
You guys are awesome. PBA is working ! thanks a bunch. I upgraded to
14.2.R2 like you suggested and it's good now.
Quite a number of bugs in 14.2R2.
Would rather deploy 14.2R6, which is out now.
Mark.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
