Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Audit Log Options to Support FAU_GEN.1 Requirements

    This topic describes how to configure audit log options to support FAU_GEN.1 requirements for both branch and high-end SRX Series devices.

    To configure audit log options for branch SRX Series devices:

    1. Specify the number of files to be archived in the system logging facility.
      [edit system syslog]root@host#set archive files 2
    2. Specify the file in which to log data.
      [edit system syslog]root@host#set file syslog any any
    3. Specify the size of files to be archived.
      [edit system syslog]root@host#set file syslog archive size 10000000
    4. Specify the priority and facility in messages for the system logging facility.
      [edit system syslog]root@host#set file syslog explicit-priority
    5. Log system messages in a structured format.
      [edit system syslog]root@host#set file syslog structured-data
    6. Configure security log events in the audit log buffer.
      [edit]root@host#set security log cache

    To configure audit log options for high-end SRX Series devices:

    1. Specify the number of files to be archived in the system logging facility.
      [edit system syslog]root@host#set archive files 2
    2. Specify the file in which to log data.
      [edit system syslog]root@host#set file syslog any any
    3. Specify the size of files to be archived.
      [edit system syslog]root@host#set file syslog archive size 10000000
    4. Specify the priority and facility in messages for the system logging facility.
      [edit system syslog]root@host#set file syslog explicit-priority
    5. Log system messages in a structured format.
      [edit system syslog]root@host#set file syslog structured-data
    6. Specify how security logs need to be processed and exported.
      [edit]root@host#set security log mode event

    Published: 2013-12-10