Hello Guys,
I have two SRX 5800 firewalls in a cluster in active-active mode, so both
firewalls carry the session. I configured security logs to be sent to a syslog
server (precisely STRM); below is the config.
security log
mode stream;
format sd-syslog;
source-address Master-Only IP;
stream security-logs {
On the 5800 in stream mode (which is the way to go), you must configure a source
address on each node, because the logs come from the control plane and NOT the
routing engines.
So, the solution is to configure your security log under the groups stanza for
both nodes.
Within each node, you
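
An added illustration of the per-node layout the reply describes (not configuration from the original thread): the security log stanza is placed under the node0 and node1 groups, each with its own source address, and applied with the standard chassis-cluster apply-groups "${node}" statement. All addresses are constructed placeholders from documentation ranges, and the host statement inside the stream is an assumption, since the posted configuration is cut off before the stream body.

```junos
groups {
    node0 {
        security {
            log {
                mode stream;
                format sd-syslog;
                /* constructed placeholder: an address that belongs to node0 */
                source-address 192.0.2.1;
                stream security-logs {
                    /* constructed placeholder: the syslog/STRM collector */
                    host {
                        198.51.100.10;
                    }
                }
            }
        }
    }
    node1 {
        security {
            log {
                mode stream;
                format sd-syslog;
                /* constructed placeholder: an address that belongs to node1 */
                source-address 192.0.2.2;
                stream security-logs {
                    host {
                        198.51.100.10;
                    }
                }
            }
        }
    }
}
/* each node inherits only the group that matches its own name */
apply-groups "${node}";
```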