Re: [j-nsp] SRX Remote log denied traffic

2013-02-26 Thread Mike Devlin
Actually, I retract that statement. I saw a deny come through, and it was logged, but under testing and further review, it seems that the only thing this is logging is UDP to port 44082. Any telnet testing to random ports does not generate logs, neither does using internet sites to test port connect

Re: [j-nsp] SRX Remote log denied traffic

2013-02-26 Thread Mike Devlin
That got it working it seems :) Thanks guys!!!

On Tue, Feb 26, 2013 at 12:06 AM, Gordon Smith wrote:
> This (remote syslog) works for me on SRX550's running 12.1R1.9
> This will apply a default deny & log to the end of your security policies,
> so you don't need to reorder policies after adding

Re: [j-nsp] SRX Remote log denied traffic

2013-02-25 Thread Gordon Smith
This (remote syslog) works for me on SRX550's running 12.1R1.9

This will apply a default deny & log to the end of your security policies, so you don't need to reorder policies after adding a new one.

I have had issues logging locally where the box will stop logging after a while. Not a big iss

Re: [j-nsp] SRX Remote log denied traffic

2013-02-25 Thread Andrew Jones
There could be a few reasons you're not seeing logs:

- With the groups configuration, you need to still have a policy configured in the configuration before the group applies (even if it is just a blank "set security policies from-zone a to-zone b"). You can confirm this with a "| display inheriten

Re: [j-nsp] SRX Remote log denied traffic

2013-02-25 Thread Hans Fiedler
It looks like since the connection is being denied there is never a session initialized or closed to be logged? Would you be able to get the logging you need by doing it on an input filter in the interface(s)? It seems like it's having to examine the traffic twice, but maybe it's more efficient

Re: [j-nsp] SRX Remote log denied traffic

2013-02-25 Thread Mike Devlin
Nope, that didn't work either :(

meeks@MeeksNet-SRX210# run show log TEST-DENY

[edit]
meeks@MeeksNet-SRX210# show system syslog file TEST-DENY
any any;
match RT_FLOW;

[edit]

On Sat, Feb 23, 2013 at 2:35 AM, Farrukh Haroon wrote:
> Hello Mike
>
> Was wondering if you can get the deny logs whil

Re: [j-nsp] SRX Remote log denied traffic

2013-02-22 Thread Farrukh Haroon
Hello Mike

Was wondering if you can get the deny logs while doing local logging?

set system syslog file TEST-DENY any any
set system syslog file TEST-DENY match RT_FLOW

Regards
Farrukh

On Fri, Feb 22, 2013 at 4:39 AM, Mike Devlin wrote:
> So fingers crossed that this is an easy one for you

[j-nsp] SRX Remote log denied traffic

2013-02-21 Thread Mike Devlin
So fingers crossed that this is an easy one for you guys,

Device is an SRX210BE running 11.4R5.5 code.

I've added the syslog host to the config

meeks@MeeksNet-SRX210> show configuration system syslog
archive size 100k files 3;
user * {
    any emergency;
}
host 192.168.1.12 {
    any any;
}
file